• Fake installers are tricking victims into installing malware

    From TechnologyDaily@1337:1/100 to All on Thu Feb 16 14:00:03 2023
    Fake installers are tricking victims into installing malware

    Date:
    Thu, 16 Feb 2023 13:41:24 +0000

    Description:
    Chinese targets bombarded with fake Telegram installers that deliver a RAT instead.

    FULL STORY ======================================================================

    Hackers have once again been found abusing Google Ads to deliver malware - this time, hitting Chinese-speaking targets living in Southeast and East Asia.

    Cybersecurity experts at ESET found that unidentified threat actors created multiple malicious landing pages, all impersonating major programs such as Firefox, WhatsApp, Signal, Skype, and Telegram, some of which are unavailable in China.

    The landing pages are all hosted on the same server, which also hosts the programs. But when downloading the payload, the victims would get both the legitimate software and FatalRAT, a remote access trojan that gives the threat actors control over the target endpoint.

    FatalRAT

    FatalRAT is capable of doing all sorts of nasty things - logging keystrokes, stealing data stored in the browsers, and downloading and running additional programs. The researchers said that this version of the trojan has been in use at least since August 2022, but older versions were in use even earlier - in May.

    To distribute the malware, the attackers abused Google Ads, meaning that when someone searches for any of the abovementioned programs on the famed search engine, they would get the malicious landing pages very high up in the search results pages.

    Researchers couldn't reproduce the search results but claim that the hackers were probably engaged in URL hijacking:

    "Although we couldn't reproduce such search results, we believe that the ads were only served to users in the targeted region," said ESET researcher Matías Porolli. "Since many of the domain names that the attackers registered for their websites are very similar to the legitimate domains, it is also possible that the attackers rely on URL hijacking to attract potential victims to their websites," he added.

    The hackers' endgame is unknown, too, researchers said, speculating that they could just be after credentials, in order to sell them for profit.



    ======================================================================
    Link to news story: https://www.techradar.com/news/fake-installers-are-tricking-victims-into-installing-malware


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)