Tag Archive for: manager

ZenRAT Malware Targets Windows Users Via Fake Bitwarden Password Manager Installation Package


Windows operating systems are the target of new malware dubbed ZenRAT by U.S.-based cybersecurity company Proofpoint. The attackers built a website that impersonates the popular Bitwarden password manager; if accessed via Windows, the fake site delivers the ZenRAT malware disguised as Bitwarden software. It’s currently unknown if the malware is used by threat actors for cyberespionage or for financial fraud.

We’ll delve into the technical details and share more information from Proofpoint researchers, as well as provide tips on mitigating this ZenRAT malware threat.

What is ZenRAT malware, and what happens when it’s executed?

ZenRAT is malware developed in .NET. It was previously unreported and specifically targets Microsoft Windows operating systems. Once executed, the ZenRAT malware queries the system to gather information:

  • CPU and GPU names.
  • Operating system version.
  • RAM size.
  • IP address and gateway IP address.
  • Installed software including antivirus.

The data is sent to its command and control server as a ZIP archive, along with stolen browser data and credentials. The ZIP file contains two files named InstalledApps.txt and SysInfo.txt. Proofpoint told TechRepublic that they “… observed ZenRAT stealing data from both Chrome and Firefox” and believe “It’s reasonable to assume that it would have support for most Chromium-based browsers.”

The malware runs several checks before doing anything else. First, it checks that it isn’t running on a machine located in Belarus, Kyrgyzstan, Kazakhstan, Moldova, Russia or Ukraine.

Then it checks for a specific mutex to make sure another copy isn’t already running, and it checks that the hard drive is at least 95GB in size, since a smaller disk suggests a sandbox. It also compares running process names against those of known virtualization products to verify it isn’t executing inside a virtual machine.

Once those checks pass, the malware issues a ping to confirm it has internet connectivity and then checks whether an update for itself is available.
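The sandbox-evasion checks described above are the ones an analyst has to satisfy before a sample like this will detonate in a lab. The script below is an added example written for this article, not ZenRAT’s code and not Proofpoint’s tooling: it models each abort condition as a function of a host profile so you can ask “would this analysis VM trip the malware?” before running it. The country-code mapping and the hypervisor process names are assumptions chosen for illustration; the page does not give ZenRAT’s actual lists.

```python
"""Defender-side model of the environment checks attributed to ZenRAT (added example).

Not the malware's code. Country codes and VM process names are assumptions for
illustration; the real lists are not published on the page.
"""
import platform
import shutil
import subprocess
from dataclasses import dataclass, field

# Countries the text says ZenRAT refuses to run in, as ISO 3166-1 alpha-2 codes (assumed mapping).
EXCLUDED_COUNTRIES = {"BY", "KG", "KZ", "MD", "RU", "UA"}
MIN_DISK_GB = 95  # a system drive smaller than this is treated as a sandbox
# Guest-tools process names of common hypervisors (assumption: representative, not ZenRAT's list).
VM_PROCESS_HINTS = ("vmtoolsd", "vboxservice", "vboxtray", "vmwaretray", "vmwareuser", "qemu-ga")


@dataclass
class HostProfile:
    country: str                                   # ISO code of the host's region/locale
    disk_gb: float                                 # size of the system drive in GB
    processes: list = field(default_factory=list)  # running process image names
    mutex_taken: bool = False                      # True if the malware's mutex already exists


def evasion_checks(host: HostProfile) -> dict:
    """Return {check_name: would_abort} for each abort condition described in the text."""
    running_vm_tools = [p for p in host.processes if p.lower().split(".")[0] in VM_PROCESS_HINTS]
    return {
        "excluded_country": host.country.upper() in EXCLUDED_COUNTRIES,
        "small_disk": host.disk_gb < MIN_DISK_GB,
        "vm_process": bool(running_vm_tools),
        "already_running": host.mutex_taken,
    }


def would_detonate(host: HostProfile) -> bool:
    """True only if none of the modelled checks would make the sample bail out."""
    return not any(evasion_checks(host).values())


def probe_local_host(country: str = "US") -> HostProfile:
    """Build a profile from the machine this runs on (process list via tasklist on Windows only)."""
    root = "C:\\" if platform.system() == "Windows" else "/"
    total_bytes = shutil.disk_usage(root).total
    procs = []
    if platform.system() == "Windows":
        out = subprocess.run(["tasklist", "/fo", "csv", "/nh"], capture_output=True, text=True).stdout
        procs = [line.split('","')[0].strip('"') for line in out.splitlines() if line]
    return HostProfile(country=country, disk_gb=total_bytes / 1e9, processes=procs)


if __name__ == "__main__":
    # Constructed profile of a typical small VirtualBox sandbox: two checks would abort the sample.
    sandbox = HostProfile(country="US", disk_gb=60, processes=["vboxservice.exe", "explorer.exe"])
    for name, aborts in evasion_checks(sandbox).items():
        print(f"{name:18} {'ABORT' if aborts else 'ok'}")
    print("sample would detonate:", would_detonate(sandbox))
```

Run it on the analysis VM itself with `probe_local_host()` to see which conditions need fixing (enlarge the virtual disk past 95GB, rename or stop guest-tools processes) before expecting the sample to reach its C2 stage.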

In addition, the malware has the ability to send its log files to the C2 server in clear text, probably for debugging…

Source…

Supply chain attack spread Linux malware via free download manager site


Linux users were targeted by a supply chain attack that used a compromised download manager website to deliver a Bash-based information stealer between 2020 and 2022, The Hacker News reports.

Threat actors compromised the “freedownloadmanager[.]org” website in January 2020 to redirect to another domain with a malicious Debian package that eventually resulted in the delivery of the crond backdoor and the Bash information-stealing malware, which sought to exfiltrate cloud service credentials, system information, cryptocurrency wallet files, and saved passwords, according to a Kaspersky report.
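The attack turned on a redirect: the legitimate site sent some visitors to another domain that served a malicious Debian package. The script below is an added example for this article, not Free Download Manager’s or Kaspersky’s code. It downloads a package while recording every redirect, refuses any redirect that leaves the host the user started from, and verifies the file’s SHA-256 against a value obtained out of band (a vendor-published hash). The URL, hash and redirect target used in the demo are constructed placeholders, not indicators from the real campaign.

```python
"""Added example: download a package with redirect auditing and hash verification.

Not the project's own code. The sample URLs and hashes are constructed for the demo.
"""
import hashlib
import hmac
import urllib.request
from urllib.parse import urlsplit


class CrossHostRedirect(Exception):
    """Raised when a redirect tries to move the download to another host."""


def check_redirect_chain(chain, expected_host):
    """Return the first URL in `chain` whose host differs from `expected_host`, else None."""
    for url in chain:
        host = (urlsplit(url).hostname or "").lower()
        if host != expected_host.lower():
            return url
    return None


class AuditingRedirectHandler(urllib.request.HTTPRedirectHandler):
    """Records every redirect target and refuses any that leaves the expected host."""

    def __init__(self, expected_host):
        super().__init__()
        self.expected_host = expected_host
        self.chain = []

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        self.chain.append(newurl)
        if check_redirect_chain([newurl], self.expected_host):
            raise CrossHostRedirect(f"{req.full_url} -> {newurl} (HTTP {code})")
        return super().redirect_request(req, fp, code, msg, headers, newurl)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_sha256(data: bytes, expected_hex: str) -> bool:
    """Compare the file hash with the published value using a constant-time comparison."""
    return hmac.compare_digest(sha256_hex(data), expected_hex.lower())


def fetch_verified(url, expected_sha256, timeout=30):
    """Download `url`, failing closed on a cross-host redirect or a hash mismatch.

    Returns (bytes, redirect_chain). Network access required; not exercised offline.
    """
    handler = AuditingRedirectHandler(urlsplit(url).hostname)
    opener = urllib.request.build_opener(handler)
    with opener.open(url, timeout=timeout) as resp:
        data = resp.read()
    if not verify_sha256(data, expected_sha256):
        raise ValueError(f"SHA-256 mismatch for {url}: got {sha256_hex(data)}")
    return data, handler.chain


if __name__ == "__main__":
    # Constructed redirect chain: the second hop leaves the site the user started on.
    chain = [
        "https://www.freedownloadmanager.org/download/fdm.deb",
        "https://example.net/fdm.deb",  # placeholder for the attacker-controlled host
    ]
    print("offending hop:", check_redirect_chain(chain, "www.freedownloadmanager.org"))
    blob = b"constructed package bytes"
    print("hash ok:", verify_sha256(blob, sha256_hex(blob)))
```

The hash must come from somewhere the attacker could not edit along with the download link (a signed release note, the distribution’s signed Release file, or a hash you recorded from a clean install), otherwise the check only confirms you received what the compromised page intended to serve.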

Detection of the now inactive campaign was hampered because the malicious Debian package was absent from some of the machines whose users had downloaded the software.

“While the campaign is currently inactive, this case of Free Download Manager demonstrates that it can be quite difficult to detect ongoing cyberattacks on Linux machines with the naked eye. Thus, it is essential that Linux machines, both desktop and server, are equipped with reliable and efficient security solutions,” said researchers.

Source…

Norton Password Manager Hack Results in Huge Security Breach for Users!


Editorial Note – Parent company Gen Digital has reached out to us just to confirm that the issue is 100% entirely contained within Norton Password Manager and we would like to clarify, just in case of any ambiguity, that this article bears no reflection on Gen Digital’s other online security interests.

It is, of course, good security practice to use a complex password for each of your online accounts. The downside is that a good password is typically very difficult to remember. As such, password management software has become rather popular in recent years, effectively acting as a single secure store for all your log-in information.

If you did, however, happen to use Norton Password Manager, then be warned! – Following a report via BleepingComputer, parent company Gen Digital has confirmed a huge security breach which has effectively seen every single user account, at least for a period of time, potentially compromised!

And yes, I think this is what they call irony…

Norton Password Manager Users Warned Data Has Been Compromised!

According to the report, unknown person/s managed to obtain highly sensitive log-in information for Norton Password Manager via the Dark Web which, in basic terms, gave them ‘admin’ level access to the service. Through this, they could literally view and access any account, and yes, this includes the saved log-in information.

Now, admittedly, on an individual level, the chances that you have been affected by this breach are very slim. With that being said though, is this really a risk you would want to take? – Just when you thought this couldn’t get any more alarming, however, it would appear that this breach occurred over 6 weeks ago, and it is only now being publicly disclosed, which doesn’t exactly do much to help the reputation of Norton Password Manager nor reassure its user base!

Put simply though, if you happen to use this product to manage your online security, expect an email at pretty much any moment detailing the breach. – For the interim, however, I would strongly advise you to access all the accounts you store on there and ensure you have,…

Source…

Ugh! Norton LifeLock password manager accounts accessed by hackers • Graham Cluley


What’s happened?

If you use Norton LifeLock as your password manager, your account may have been compromised.

Woah. What???

According to Bleeping Computer, Gen, the company behind Norton LifeLock (and other brands including Avast, Avira, AVG, ReputationDefender, and CCleaner), is sending data breach notifications to some of its customers warning that their accounts have been accessed following a credential-stuffing attack.

So Norton LifeLock got hacked?

I’d argue that’s an unfair way to describe what’s happened.

Norton LifeLock didn’t screw up anything like as badly as fellow password manager LastPass did in its recent horrendous hack.

In fact, in the notification being sent to affected Norton LifeLock customers, the company says:

Our own systems were not compromised. However, we strongly believe that an unauthorized third party knows and has utilized your username and password for your account.

But how did a hacker find out the username and password to so many people’s LifeLock accounts?

Credential-stuffing attacks take advantage of the fact that many people still make the mistake of reusing the same passwords in different places on the internet.

If one service gets breached and its password database stolen, hackers can fling those credentials at other online accounts – to see if they might unlock something desirable elsewhere.

When did this attack happen?

The company says that the unauthorised access to customer accounts began on December 1 2022, but things heated up considerably on December 12 when a “large volume” of failed account logins occurred.
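Both Norton pieces above come down to the same pattern: a single source tries a list of leaked username/password pairs, each account roughly once, and a “large volume” of failures shows up before anyone notices. The script below is an added example written for this page, not Gen’s or Norton’s detection logic. It parses a constructed authentication log, flags any source address that attempted at least five distinct accounts inside a ten-minute window, and then lists which accounts logged in successfully from a flagged source (the ones that need a forced reset and 2FA first). One user fumbling their own password several times is deliberately not flagged, because that is the pattern a plain failed-login threshold would confuse with stuffing. The log format is an assumption for the demo.

```python
"""Added example: credential-stuffing detection over an authentication log.

Not Gen/Norton tooling. Log format and sample lines are constructed for the demo.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) login_(?P<result>ok|failed) user=(?P<user>\S+) src=(?P<ip>\S+)$"
)

# Constructed sample: 203.0.113.5 sprays many accounts once each (stuffing pattern, one success);
# 198.51.100.7 is one user who mistypes their own password twice and then gets in.
SAMPLE_LOG = """\
2022-12-12T09:00:01Z login_failed user=alice src=203.0.113.5
2022-12-12T09:00:02Z login_failed user=bob src=203.0.113.5
2022-12-12T09:00:02Z login_failed user=carol src=203.0.113.5
2022-12-12T09:00:03Z login_failed user=dave src=203.0.113.5
2022-12-12T09:00:04Z login_ok user=erin src=203.0.113.5
2022-12-12T09:00:05Z login_failed user=frank src=203.0.113.5
2022-12-12T09:01:10Z login_failed user=grace src=198.51.100.7
2022-12-12T09:01:20Z login_failed user=grace src=198.51.100.7
2022-12-12T09:01:40Z login_ok user=grace src=198.51.100.7
"""


def parse(log_text):
    """Yield (timestamp, result, user, ip) for each well-formed line; skip anything else."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m["result"], m["user"], m["ip"]


def detect_stuffing(log_text, window=timedelta(minutes=10), min_users=5):
    """Return {ip: sorted usernames} for sources that tried >= min_users distinct accounts
    within `window`. Successes count too: a stuffing run that hits is still a stuffing run.
    One account failing repeatedly from one source is not flagged."""
    events = defaultdict(list)
    for ts, _result, user, ip in parse(log_text):
        events[ip].append((ts, user))
    flagged = {}
    for ip, attempts in events.items():
        attempts.sort()
        best, start = set(), 0
        for end in range(len(attempts)):
            # Slide the window so attempts[start:end+1] spans at most `window`.
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            users = {u for _, u in attempts[start:end + 1]}
            if len(users) > len(best):
                best = users
        if len(best) >= min_users:
            flagged[ip] = sorted(best)
    return flagged


def successes_from_flagged(log_text, flagged):
    """Accounts that logged in successfully from a flagged source: reset these first, enforce 2FA."""
    return sorted(user for _ts, result, user, ip in parse(log_text)
                  if result == "ok" and ip in flagged)


if __name__ == "__main__":
    hits = detect_stuffing(SAMPLE_LOG)
    for ip, users in hits.items():
        print(f"{ip}: {len(users)} distinct accounts attempted: {', '.join(users)}")
    print("compromised accounts to reset:", successes_from_flagged(SAMPLE_LOG, hits))
```

In a real deployment the source key should be broadened (ASN, JA3/TLS fingerprint, or user-agent cluster) because stuffing tools rotate through proxy IPs, and the threshold tuned against normal traffic; the distinct-accounts-per-source measure is the part worth keeping, since it separates a spray from an ordinary forgotten password.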

What did the hackers access in Norton LifeLock accounts?

The data breach notification says that users’ names, phone numbers, and mailing addresses have been accessed, but TechCrunch reports that the company “cannot rule out that the intruders also accessed customers’ saved passwords.”

Gulp!

What can be done to stop this kind of attack?

Well, the first thing is to STOP REUSING PASSWORDS (Sorry for shouting, but I’ve been saying this for years…)

The other thing you can do is enable two-factor authentication (2FA) on your accounts, which adds an additional layer of protection even if your password…

Source…