
    From TechnologyDaily@1337:1/100 to All on Fri Nov 26 12:45:04 2021
    This old Internet Explorer bug is being used to steal Google, Instagram logins

    Date:
    Fri, 26 Nov 2021 12:32:41 +0000

    Description:
    Months-old vulnerability is currently being used to target Iranians living abroad.

    FULL STORY ======================================================================

    A new infostealer is making the rounds on the web, grabbing Google and Instagram credentials and monitoring victims' Telegram correspondence, security researchers say.

    As reported by Bleeping Computer, security researchers from SafeBreach Labs have recently discovered a new Iranian threat actor that has been targeting the Farsi-speaking community all over the world with the new malware.

    The malware is a PowerShell-based stealer called PowerShortShell. It exploits a Microsoft MSHTML remote code execution (RCE) bug, tracked as CVE-2021-40444. To infect a device, the attacker first needs to carry out a spear-phishing attack, sending a Microsoft Word attachment which, when opened, downloads a DLL and executes it.

    Once the downloaded DLL launches PowerShortShell, the malware starts collecting data, stealing passwords, taking screenshots, and sending all of the data to the attackers' command-and-control server.

    Targeting enemies of the establishment

    According to Tomer Bar, Director of Security Research at SafeBreach Labs, the targets seem to be Iranians who live abroad and might be seen as a threat to Iran's Islamic regime. Bar came to this conclusion after analyzing the contents of the Word document sent out in the phishing attack, in which Iran's leaders are blamed for a "Corona massacre".

    "The adversary might be tied to Iran's Islamic regime since the Telegram surveillance usage is typical of Iran's threat actors like Infy, Ferocious Kitten, and Rampant Kitten," he added.

    Almost half of all the victims (45.8%) live in the United States, with the remainder being in the Netherlands (12.5%), Russia, Germany, and Canada (8.3%).

    The CVE-2021-40444 RCE bug, which impacts Internet Explorer's MSHTML rendering engine, was patched in mid-September this year. It was first spotted in the wild three weeks prior, and the Iranians were not the only group to abuse the vulnerability.

    In fact, threat actors were sharing tutorials and proof-of-concept exploits on hacking forums long before Microsoft managed to patch it, Bleeping Computer finds.


    ======================================================================
    Link to news story: https://www.techradar.com/news/this-old-internet-explorer-bug-is-being-used-to-steal-google-instagram-logins/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)