Tag Archive for: Installers

BazarLoader Attacks Use Compromised Software Installers


Researchers have observed the BazarLoader information stealer, known for providing initial access for various ransomware affiliates, expanding its delivery methods to now include the use of compromised software installers and the abuse of ISO files.

The loader, which was first observed in April 2020, primarily acts as a delivery mechanism for second-stage malware, including several high-profile ransomware families like Ryuk, Conti and Zeppelin. Over the past year, researchers have observed an increase in BazarLoader (along with Trickbot) deliveries, which they said have likely led to a corresponding increase in Conti ransomware attacks since June.

“The number of arrival mechanism variations used in BazarLoader campaigns continues to increase as threat actors diversify their attack patterns to evade detection,” said Ian Kenefick, threat analyst with Trend Micro, in a Tuesday analysis.

Previously, BazarLoader relied on a unique delivery mechanism that researchers with Proofpoint said they had observed since February, which combined emails with phone-based “customer service representatives” to carry out attacks. Here, spam emails instructed victims to call a phone number, which led to an attacker-controlled call center that gave victims a URL and directed them to download a malicious file. This tactic also helped attackers bypass email protection filters that would otherwise block malicious links or attachments. Researchers with Palo Alto Networks’ Unit 42 team in July also observed BazarLoader spread via a copyright violation-themed campaign using ZIP archives, and through English-language emails sent by the TA551 threat group.

In new attacks, which targeted victims in the Americas, researchers observed BazarLoader attackers expanding their delivery methods to use legitimate, compromised installers – versions of the VLC media player and TeamViewer remote access and remote control software – and convincing victims to download them. After these installers loaded, they dropped a BazarLoader executable, which is another notable difference from recent BazarLoader delivery methods that instead relied on dynamic link libraries (DLLs).

“While the…


Fake Windows 11 installers are used to infect PC with malware



Fake Windows 11 installers are used to infect PC with malware

Windows 11 was officially unveiled by Microsoft on July 24. Rogue installers of the new operating system are being used by criminals to infect users’ PCs with malware.

Windows Insider is the only official way to get Windows 11 right now. With the help of Microsoft’s Windows Update program, users can download a trial version of the new operating system. Although Microsoft hasn’t released an ISO for clean installation, that hasn’t stopped criminals from distributing fake versions of the operating system’s installer.

As a result, many users are still downloading Windows 11 from other sources, which contain malicious programs offered by cybercriminals instead of the operating system, according to Kaspersky Labs.

According to an alert from security company Kaspersky, criminals are distributing a file with the name “86307_windows 11 build 21996.1 x64 + activator.exe”. It is approximately 1.7 GB in size; that space is occupied by a DLL file full of useless information. If the user runs the supposed installer, they will see a screen like the one below that says the file is a download manager, which will “download and install Windows 11, activate it and install additional applications”:


If the user continues, various malicious applications will be installed on the computer. Kaspersky says that adware (applications that display ads) and Trojans, programs created specifically to steal users’ login credentials, are installed. The security company said its solutions have detected thousands of infection attempts using bogus Windows 11 installers as bait.

Kaspersky’s recommendation for users interested in trying Windows 11 is to join the Windows Insider program, or wait until the official ISO is available.


Hack Brief: Fake Adobe Flash Installers Come With a Little Malware Bonus

  1. Hack Brief: Fake Adobe Flash Installers Come With a Little Malware Bonus (WIRED)
  2. Cryptocurrency Malware Found in Adobe Flash (The Mac Observer)
  3. Spoof Adobe Flash updaters are inserting cryptocurrency mining malware (Digital Trends)
  4. Hackers Pushing Cryptojacking Malware Through Fake Adobe Flash Updaters (Unhashed)