As Ukraine fights for survival against invading Russian forces, here's a taste of some of the malware the nation's Computer Emergency Response Team (CERT) is battling.

To start, the team earlier this month said miscreants had spammed out emails impersonating government agencies containing links to fake Windows antivirus updates. When these were downloaded and run by a victim, more malware was brought onto the machine, including Cobalt Strike Beacon, which can take over the PC with PowerShell scripts, log keystrokes, take screenshots, exfiltrate files, run other malicious code, attempt to traverse the network, and so on. Beacon is a legit tool developed by HelpSystems mainly for red-team professionals.

According to Ukraine's CERT, the emails appeared to come from Ukrainian government agencies, and outlined ways to improve network security. They also told the recipient to download critical security updates in the form of a 60MB executable file dubbed BitdefenderWindowsUpdatePackage.exe. The actual antivirus maker Bitdefender has, to be clear, nothing to do with this.

If the victim downloaded and ran the fake antivirus update, they would see a screen that told them to install a Windows Update package. Rather than upgrade the operating system, though, the code would fetch and run additional binaries from Discord.

These would eventually run Cobalt Strike Beacon on the PC. One of those binaries would also base64-decode a payload, save it to disk, and run it. That program would update the Windows Registry to achieve persistence on the computer, and then download, base64-decode, and run two pieces of malware: GraphSteel and GrimPlant. Both are written in Go, and both open a backdoor to the PC, allowing it to be commandeered from afar.
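
The chain described above carries its later stages as base64 text that is decoded and written to disk. As an added example (not from the article or from Ukraine's CERT), here is a defender-side check that flags base64 runs which decode to a Windows PE image in a captured download or file; the sample input is constructed and the function names are hypothetical.

```python
import base64
import binascii
import re
import struct

# Base64 of data starting with "MZ" always begins "TV" + one of o/p/q/r.
# The lookahead lets candidates be found even inside longer alphanumeric text.
B64_MZ = re.compile(rb"(?=(TV[o-r][A-Za-z0-9+/]{85,}={0,2}))")


def looks_like_pe(data: bytes) -> bool:
    """MZ header whose e_lfanew field (offset 0x3C) points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def find_base64_pe(blob: bytes) -> list[tuple[int, int]]:
    """Return (offset, decoded_size) for each base64 run that decodes to a PE."""
    hits = []
    for m in B64_MZ.finditer(blob):
        raw = m.group(1).rstrip(b"=")
        raw += b"=" * (-len(raw) % 4)          # restore canonical padding
        try:
            decoded = base64.b64decode(raw, validate=True)
        except binascii.Error:
            continue                            # not decodable: ignore
        if looks_like_pe(decoded):
            hits.append((m.start(), len(decoded)))
    return hits


# Constructed sample: a minimal 88-byte stub with valid MZ/PE markers (not a
# working executable), and a decoy that starts with "MZ" but has no PE header.
FAKE_PE = b"MZ" + bytes(58) + struct.pack("<I", 0x40) + b"PE\0\0" + bytes(20)
DECOY = b"MZ" + b"x" * 90
SAMPLE = (b'{"note":"' + base64.b64encode(DECOY) + b'","data":"'
          + base64.b64encode(FAKE_PE) + b'"}')

if __name__ == "__main__":
    for offset, size in find_base64_pe(SAMPLE):
        print(f"base64-encoded PE at offset {offset}, {size} bytes decoded")
```

Checking the `e_lfanew` pointer rather than the `TV` prefix alone is what rejects the decoy, so ordinary base64 text that happens to start with those characters is not reported.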