• Even the Windows logo isn't safe from malware

    From TechnologyDaily@1337:1/100 to All on Fri Sep 30 22:15:03 2022
    Even the Windows logo isn't safe from malware

    Date:
    Fri, 30 Sep 2022 20:51:58 +0000

    Description:
    Chinese hackers are smuggling dangerous malware in images, and attacking government organizations with them

    FULL STORY ======================================================================

    It appears that not even the iconic Windows logo is safe from malware
    anymore, as some cybercriminals managed to successfully hide malicious code inside it.

    Cybersecurity experts at Symantec claim to have spotted one such campaign using steganography, the practice of hiding malicious code inside otherwise harmless images.

    It is usually done to avoid detection by antivirus programs, as such
    solutions rarely detect images as malicious.

    Going after governments

    In this particular case, the group engaged in steganography attacks is called Witchetty, a known threat-actor allegedly strongly tied to the Chinese state-sponsored actor Cicada (AKA APT10), and also considered part of the TA410 organization that has targeted US energy providers in the past.

    The group kicked off its latest campaign in February 2022, targeting at least two governments in the Middle East.

    What's more, an attack against a stock exchange in Africa is allegedly still active. Witchetty used steganography to hide an XOR-encrypted backdoor, which was hosted on a cloud service, minimizing its chances of detection. To drop webshells on vulnerable endpoints, the attackers
    exploited known Microsoft Exchange ProxyShell vulnerabilities for initial access: CVE-2021-34473, CVE-2021-34523, CVE-2021-31207, CVE-2021-26855, and CVE-2021-27065.

    "Disguising the payload in this fashion allowed the attackers to host it on a free, trusted service," Symantec said. "Downloads from trusted hosts such as GitHub are far less likely to raise red flags than downloads from an attacker-controlled command-and-control (C&C) server."
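    The article does not say how the backdoor was embedded in the logo image. The following is an added detection example, not code from the article or from Symantec: it assumes the common case of a payload appended after a PNG's IEND chunk, walks the chunk structure, measures the entropy of any trailing bytes, and checks whether a single-byte XOR key would turn that trailer into a PE file. The sample image and payload are constructed inline.

```python
import math
import struct
import zlib
from collections import Counter
from typing import Optional

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; compressed or encrypted blobs sit close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def png_trailer(data: bytes) -> bytes:
    """Return every byte after the IEND chunk; a clean PNG has none."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 8 + length + 4  # header + chunk data + CRC
        if ctype == b"IEND":
            return data[pos:]
    raise ValueError("truncated PNG: no IEND chunk")

def find_xor_key_for_pe(blob: bytes) -> Optional[int]:
    """Single-byte XOR check: only one key can map byte 0 to 'M', so derive it,
    decode, and confirm both the MZ header and the PE signature at e_lfanew."""
    if len(blob) < 0x44:
        return None
    key = blob[0] ^ 0x4D
    dec = bytes(b ^ key for b in blob)
    if dec[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", dec, 0x3C)[0]
    return key if dec[e_lfanew:e_lfanew + 4] == b"PE\0\0" else None

def scan_png(data: bytes) -> dict:
    trailer = png_trailer(data)
    return {"trailer_bytes": len(trailer),
            "trailer_entropy": round(shannon_entropy(trailer), 2),
            "xor_key": find_xor_key_for_pe(trailer)}

# Constructed sample: a valid 1x1 PNG, then the same PNG with a fake PE stub
# appended after IEND and XOR-encoded with key 0x5A (hypothetical values).
def _chunk(ctype: bytes, body: bytes) -> bytes:
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

def build_sample_png() -> bytes:
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)  # 1x1, 8-bit RGB
    idat = zlib.compress(b"\x00\xff\xff\xff")              # filter byte + pixel
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")

XOR_KEY = 0x5A
FAKE_PE = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0" + bytes(range(64))
SAMPLE_WITH_TRAILER = build_sample_png() + bytes(b ^ XOR_KEY for b in FAKE_PE)
```

    A real scanner would also decode the IDAT stream and test the pixel data itself, since an embedding that rewrites pixel bits leaves the chunk structure intact.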


    The XOR-encrypted backdoor allows threat actors to do a number of things, including tampering with files and folders, running and terminating
    processes, tweaking the Windows Registry, downloading additional malware, stealing documents, as well as turning the compromised endpoint into a C2 server.

    The last time we heard of Cicada was in April 2022, when researchers reported the group had abused the popular VLC media player to distribute malware and spy
    on government agencies and adjacent organizations located in the US, Canada, Hong Kong, Turkey, Israel, India, Montenegro, and Italy.

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/even-the-windows-logo-isnt-safe-from-malware/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)