1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Security experts are being targeted with fake malware discoveries

    From TechnologyDaily@1337:1/100 to All on Fri Jan 10 20:45:05 2025
    Security experts are being targeted with fake malware discoveries

    Date:
    Fri, 10 Jan 2025 20:32:00 +0000

    Description:
    Trend Micro warns the security community about a fake PoC making rounds.

    FULL STORY ======================================================================Trend Micro spots piece of malware being advertised as PoC fork for a major Windows vulnerability The malware acts as an infostealer, grabbing vital system information These types of attacks are often conducted by nation-states

    Cybercriminals are targeting security researchers with fake proof-of-concept (PoC) solutions, trying to infect their computers with infostealing malware , experts have warned.

    Cybersecurity researchers Trend Micro, who spotted the new campaign in
    January 2025, noted how the crooks would publish a PoC for a popular, critical-severity vulnerability, to draw the attention of the cybersecurity crowd.

    The researchers would then grab the PoC for analysis, and would end up installing a piece of malware, instead. Stealing vital PC information

    In this particular case, the crooks were advertising a fork of a legitimate, existing PoC for LDAPNightmare, a vulnerability discovered earlier in
    January, and consisting of two flaws, CVE-2024-49112, and CVE-2024-49113.

    The former serves as bait here, since it is a 9.8/10 severity flaw, affecting Windows Lightweight Directory Access Protocol (LDAP), and allowing for remote code execution (RCE).

    In its writeup, Trend Micro researcher Sarah Pearl Camiling said both vulnerabilities were deemed as highly significant due to the widespread use
    of LDAP in Windows environments. Both flaws were patched in December 2024, through the Patch Tuesday cumulative update.

    In the fake PoC, the crooks replaced some of the legitimate files with an executable named poc.exe. This would deploy a PowerShell script which would, in turn, deploy another script that steals data from the computer.

    Here is what the infostealer goes for:

    - PC information
    - Process list
    - Directory lists (Downloads, Recent, Documents, and Desktop)
    - Network IPs
    - Network adapters
    - Installed updates

    This type of attack is nothing new - criminals have regularly been observed applying the same tactics in the past.

    Although this was not hinted at in the report, these types of attacks are often conducted by nation-state actors, in an attempt to gather vital intelligence regarding the cybersecurity practices of large tech organizations, government firms, critical infrastructure players, and more.

    Via The Register You might also like This devious malware looked to exploit braille characters to breach Windows security flaws Here's a list of the best antivirus tools on offer These are the best endpoint protection tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/security-experts-are-being-targeted-wit h-fake-malware-discoveries


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)