• Researching North Korea online? You could be victim of a malware

    From TechnologyDaily@1337:1/100 to All on Mon Feb 20 20:15:03 2023
    Researching North Korea online? You could be victim of a malware attack

    Date:
    Mon, 20 Feb 2023 20:00:32 +0000

    Description:
    A backdoor is being installed on pro-North Korean websites, targeting people from specific countries in Japan and China.

    FULL STORY ======================================================================

    People with an interest in all things North Korea are being targeted with a very specific malware.

    Cybersecurity researchers from Trend Micro (via BleepingComputer) have recently observed Earth Kitsune, a nascent threat actor, breaching a pro-North Korea website, and then using that site to deliver a backdoor dubbed WhiskerSpy.

    The malware allows the threat actors to steal files, take screenshots, and deploy additional malware to the compromised endpoint.

    WhiskerSpy malware

    According to the researchers, when certain people visit the website and look to run video content, they'll be prompted to install a video codec first. Those that fall for the trick would download a modified version of a legitimate codec (Codec-AVC1.msi), which installs the WhiskerSpy backdoor.

    The backdoor grants the threat actors a number of different capabilities, including downloading files to the compromised endpoint, uploading files, deleting them, listing them, taking screenshots, loading executables and calling its export, and injecting shellcode into processes.

    The backdoor then communicates with the malware's command and control (C2) server, using a 16-byte AES encryption key.

    But not all visitors are at risk. In fact, chances are that only a small portion of the visitors are being targeted, as Trend Micro discovered that the backdoor only activates when visitors from Shenyang, China, or Nagoya, Japan, open the site.


    Truth be told, people from Brazil would also be prompted to download the backdoor, but researchers believe Brazil was only used to test if the attack works or not.

    After all, the researchers found the IP addresses in Brazil belonged to a commercial VPN service.

    Once installed, the malware goes to lengths to persist on the device. Apparently, Earth Kitsune uses the native messaging host in Google's Chrome browser to install a malicious extension called Google Chrome Helper. This extension would run the payload every time the browser starts.
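    A defender-side check for the persistence mechanism described above, added here as an example and not taken from the article or from Trend Micro's report: it audits the manifests that Chrome's native messaging host registry keys point at and flags hosts whose binary lives outside a trusted install directory or in a user-writable path. The host names, paths and extension IDs in the sample are constructed; on Windows, load_hosts_from_registry() reads the real per-user entries instead.

```python
import json

# Constructed sample manifests (hypothetical names, paths and extension IDs),
# keyed by the registry key name under HKCU\Software\Google\Chrome\NativeMessagingHosts
# (machine-wide hosts live under the same path in HKLM).
SAMPLE_HOSTS = {
    "com.vendor.updater": json.dumps({
        "name": "com.vendor.updater",
        "path": "C:\\Program Files\\Vendor\\updater_host.exe",
        "type": "stdio",
        "allowed_origins": ["chrome-extension://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/"],
    }),
    "com.google.chrome.helper": json.dumps({
        "name": "com.google.chrome.helper",
        "path": "C:\\Users\\alice\\AppData\\Local\\Temp\\chrome_helper.exe",
        "type": "stdio",
        "allowed_origins": ["chrome-extension://bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/"],
    }),
}

# Directories where a legitimately installed host binary is expected (assumption).
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\")
# Path fragments that indicate a location a normal user can write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


def audit_manifest(key_name, manifest_text):
    """Return findings for one host manifest; an empty list means nothing odd."""
    try:
        m = json.loads(manifest_text)
    except ValueError:
        return ["manifest is not valid JSON"]
    findings = []
    if m.get("name") != key_name:  # Chrome requires these to match
        findings.append("registry key name differs from manifest name")
    path = str(m.get("path", "")).lower()
    if not path.startswith(TRUSTED_PREFIXES):
        findings.append("host binary outside trusted install dirs: " + path)
    if any(marker in path for marker in USER_WRITABLE):
        findings.append("host binary is in a user-writable location")
    return findings


def load_hosts_from_registry():
    """Windows only: read the per-user host manifests the registry points at."""
    import winreg  # ImportError on non-Windows platforms
    hosts = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER,
                        r"Software\Google\Chrome\NativeMessagingHosts") as root:
        for i in range(winreg.QueryInfoKey(root)[0]):
            name = winreg.EnumKey(root, i)
            # The subkey's default value is the manifest file path.
            with open(winreg.QueryValue(root, name), encoding="utf-8") as fh:
                hosts[name] = fh.read()
    return hosts
```

    Run audit_manifest() over every entry returned by load_hosts_from_registry() and review anything with findings; the sample data exercises both a clean host and one staged from a Temp directory.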



    ======================================================================
    Link to news story: https://www.techradar.com/news/researching-north-korea-online-you-could-be-victim-of-a-malware-attack


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)