Tag Archive for: insidious

Mystery hackers are “hyperjacking” targets for insidious spying



For decades, virtualization software has offered a way to vastly multiply computers’ efficiency, hosting entire collections of computers as “virtual machines” on just one physical machine. And for almost as long, security researchers have warned about the potential dark side of that technology: theoretical “hyperjacking” and “Blue Pill” attacks, where hackers hijack virtualization to spy on and manipulate virtual machines, with potentially no way for a targeted computer to detect the intrusion. That insidious spying has finally jumped from research papers to reality with warnings that one mysterious team of hackers has carried out a spree of “hyperjacking” attacks in the wild.

Today, Google-owned security firm Mandiant and virtualization firm VMware jointly published warnings that a sophisticated hacker group has been installing backdoors in VMware’s virtualization software on multiple targets’ networks as part of an apparent espionage campaign. By planting their own code in victims’ so-called hypervisors—VMware software that runs on a physical computer to manage all the virtual machines it hosts—the hackers were able to invisibly watch and run commands on the computers those hypervisors oversee. And because the malicious code targets the hypervisor on the physical machine rather than the victim’s virtual machines, the hackers’ trick multiplies their access and evades nearly all traditional security measures designed to monitor those target machines for signs of foul play.

“The idea that you can compromise one machine and from there have the ability to control virtual machines en masse is huge,” says Mandiant consultant Alex Marvi. And even closely watching the processes of a target virtual machine, he says, an observer would in many cases see only “side effects” of the intrusion, given that the malware carrying out that spying had infected a part of the system entirely outside its operating system.

Mandiant discovered the hackers earlier this year and brought their techniques…


Ransomware most insidious cyber threat facing UK


While cyber warfare, espionage and other malicious activity backed by foreign states are pressing concerns from the perspective of an international relations specialist or foreign policy wonk, the past year and a half has demonstrated how and why ransomware is the most dangerous and insidious cyber security threat facing the country, according to National Cyber Security Centre (NCSC) CEO Lindy Cameron.

“What I find most worrying isn’t the activity of state actors. Nor is it an improbable cyber armageddon. What I worry most about is the cumulative effect of a potential failure to manage cyber risk and the failure to take the threat of cyber criminality seriously,” Cameron told a virtual audience at the Royal United Services Institute (RUSI) think tank’s annual security lecture.

“For the vast majority of UK citizens and businesses, and indeed for the vast majority of critical national infrastructure providers and government service providers, the primary threat is not state actors but cyber criminals, and in particular the threat of ransomware.”

Cameron said this had become more evident than ever before during the course of the pandemic, which had also served to demonstrate just how insidious ransomware actually is in terms of its impact not just on victims’ data, finances and reputation, but on operations that impact people’s lives.

“We have seen it affect the NHS with WannaCry, prevent students accessing classes in the last few weeks, and shut down local authorities at great cost to the public purse, meaning the public cannot access services, pay their bills or, in some cases, even buy a house,” she said.

In her speech, Cameron covered a good deal of ground with which the cyber community will be familiar, discussing trends such as the evolution of double extortion attacks and affiliate or ransomware-as-a-service (RaaS) “business models”, as well as the increasing ‘professionalisation’ of ransomware operators, some of whom now conduct ransom negotiations with the air of a legitimate IT technical support desk.

Cameron urged business leaders to take the issue more seriously. “Some of the most powerful testimonies I’ve heard since starting this…


Insidious Android malware gives up all malicious features but one to gain stealth – We Live Security
