1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Your USB drive could be hiding some awful new malware

    From TechnologyDaily@1337:1/100 to All on Fri Jun 23 17:15:03 2023
    Your USB drive could be hiding some awful new malware

    Date:
    Fri, 23 Jun 2023 15:56:27 +0000

    Description:
    New malware variant from a well known Chinese state-sponsored hacking group
    is running rampant via USB drive.

    FULL STORY ======================================================================

    A rampart new malware strain exploiting USB drives is quickly spreading
    across the globe, experts have warned.

    Cybersecurity firm Check Point published a report outlining how a Chinese state-sponsored group called as Camaro Dragon (also known as Mustang Panda
    and LuminousMoth) is spreading the malware on a wide scale via infected USB drivers.

    WispRider is the name of the main variant being used, which has undergone numerous iterations. It uses the HopperTrick launcher to propagate via USB, and also has a feature to bypass SmadAV, a popular antivirus solution in Southeast Asia. WispRider

    This region is where the malware began operating, but it then self-propagated through USB drives to other regions of the world. In early 2023, the Check Point Incident Response Team (CPIRT) team found the malware had reached a European healthcare institution. read more

    Your home or office router could be under attack from a dangerous new
    Chinese malware



    Chinese hackers have turned Google's ethical hacking tool into a genuine
    security threat



    Microsoft claims Chinese hackers are targeting vital US infrastructure

    WispRider is also capable of DLL sideloading, using components belonging to security software, such as G-DATA Total Security, and those belonging to Electronic Arts and Riot Games, two giants in the gaming world. Check Point notified the above companies that attackers had used their respective software.

    Check Point says, "The prevalence and nature of the attacks using self-propagating USB malware demonstrate the need of protecting against
    those, even for organizations that may not be the direct targets of such campaigns."

    It claims to have found USB malware infections in other countries around the world, including Myanmar, South Korea, Great Britain, India and Russia.

    Check Point also notes that WispRider aligns with other tools used by Camaro Dragon recently, such as a backdoor called TinyNote and a router firmware implant called HorseShell. "All of them share infrastructure and operational goals," claims Check Point.

    Since the case witnessed at the European hospital, the malware has been upgraded. Now it has a more unified structure, whereby the USB infector, evasions module and backdoor are combined into one payload, as opposed to a separate set of legitimate executables and side-loaded DLLs.

    The coding of the malware components has also been revamped, with newer versions of all components now written in C++, whereas the USB launcher was written in Delphi. These are the best endpoint protection tools around



    ======================================================================
    Link to news story: https://www.techradar.com/pro/your-usb-stick-could-be-hiding-some-awful-new-ma lware


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)