Tag Archive for: inject

Hackers Hijack Websites to Inject Malware that Steals Credentials


In a concerning development for internet security, a new form of website malware known as “Angel Drainer” has been increasingly targeting Web3 and cryptocurrency assets since January 2024.

This malware is part of a broader trend of rising Web3 phishing sites and crypto drainers that significantly threaten user credentials and wallets.


Web3 Crypto Malware: Angel Drainer Overview

Angel Drainer is a crypto drainer implicated in security breaches, including a notable incident with Ledger Connect Kit in December.

It operates by injecting itself directly into compromised websites or redirecting visitors to phishing sites containing the drainer. Once in place, it can steal and redistribute assets from compromised wallets, reads the Sucuri report.

The surge in malicious activity is alarming, with over 20,000 unique Web3 phishing sites created in 2023 alone.

As per recent reports, the Angel Drainer phishing group has illicitly acquired a sum of over $400,000 from a total of 128 cryptocurrency wallets.

The group has utilized a new and sophisticated tactic to carry out their fraudulent activities, which is a cause of concern for businesses and individuals alike.

In the first two months of 2024, at least three unrelated malware campaigns have begun using crypto drainers in website hacks.

fake browser update + crypto drainer

Sucuri’s SiteCheck remote website scanner has detected the Angel Drainer variant on over 550 sites since early February, and public scan results showed this injection on 432 sites at the time of writing.

The impact of these attacks is profound, with Angel Drainer found on 5,751 different unique domains over the past four weeks.

The malware leverages phishing tactics and malicious injections to exploit the Web3 ecosystem’s reliance on direct wallet interactions, endangering both website owners and the safety of user assets.

Injection Methods and Strategies

The injection methods used by these attackers are sophisticated and varied. They can…

Source…

Hackers Inject Malware Into Widely-Used Password Management App


Companies around the globe are scrambling to update critical credentials this weekend. The reason: the popular password management app Passwordstate fell victim to hackers, who injected malware via the app’s update mechanism.

Click Studios, the developer of Passwordstate, alerted its customers about the incident late this week immediately after it was discovered. The email noted that the breach occurred between April 20 and 22.

During that time, the attackers “[used] sophisticated techniques” to insert a malicious file alongside legitimate Passwordstate updates. At this point in time it appears as though the malicious update did indeed make its way onto Passwordstate users’ computers.

Full Impact Difficult To Assess

In its online Passwordstate brochure, Click Studios reports “Empowering more than 29,000 Customers and 370,000 Security & IT Professionals globally.” With numbers like those in play, it could take weeks or even months before the full impact of the breach is known.

Even at a small or medium organization, IT staff manage dozens if not hundreds of credentials for services and devices.

“Affected customers password records may have been harvested,” states the breach notification (PDF link). Indeed, users would do well to assume the worst even though there are some mitigating factors.

Click Studios notes that the malicious activity spanned 28 hours. Customers who did not receive an automatic update during that window should not be affected. Likewise, users who perform updates manually should be safe.

The downside is that those groups could be fairly small. Keeping software fully updated is supposed to be one of the cornerstones of good security, after all. We’ve grown to rely on automatic update systems to take the hassle out of the process for us.

Security researchers at the Denmark-based CSIS Group detected the rogue file on a system during an investigation. Once it had been delivered to a victim’s computer, the file would attempt to establish communications with a remote server to download additional malicious components.

Automatic Updates Become a Double-Edged Sword

Automatic updates are great, when they…

Source…

CS:GO hackers can inject malware to steal passwords; Valve yet to fix the vulnerability


A new vulnerability related to CS:GO has come to light, as The Secret Club, a not-for-profit reverse-engineering group, tweeted about a security flaw in CS:GO, which hackers can use to run programs on a user’s system.

This potentially means hackers can steal skins and passwords and inject malware into a CS:GO player’s system using the flaw, which is technically called a remote code execution flaw.

Two years ago, The Secret Club members discovered this vulnerability in Valve’s game and let Valve know about it through a bug-bounty platform called HackerOne.

Valve is a customer of HackerOne, which provides cybersecurity solutions to many more big companies, like Uber, Goldman Sachs, and Nintendo, to name a few.


Hackers can exploit CS:GO’s critical security flaw to breach users’ systems

From what is implied by various reputable sources, the ethical hackers are under a non-disclosure agreement with the HackerOne platform, which prevents them from disclosing the vulnerability to the public.

As can be made out from the videos in the Secret Club’s tweets, hackers can use Steam invites to access a user’s system via a remote code execution flaw that affects all Source engine games, which include CS:GO, Titanfall 1, Titanfall 2, Apex Legends, etc.

This is one of the first vulnerabilities that the Secret Club reported, and that was two years ago. To be precise, it was Florian from the Secret Club who reported it, and needless to say, Valve has still not fixed it.

In a second tweet on…

Source…

Hackers can pick off, inject wireless keyboard keystrokes from 8 vendors, maybe more

A vulnerability across at least eight brands of wireless keyboards lets hackers read keystrokes from 250 feet away, according to wireless security vendor Bastille.

The problem is that the keyboards transmit to their associated PCs without encryption, and it’s just a matter of reverse engineering the signals to figure out how to read what keys are being hit, say Bastille researchers. An attacker could also inject keystrokes while the keyboard is idle and the machine is logged in, they say, using a dongle that can be fashioned for less than $100.


Network World Tim Greene