Asruex Trojan exploits old Office, Adobe bugs to backdoor your system

August 24, 2019
in Internet Security

An Asruex variant which specifically uses old Microsoft Office and Adobe vulnerabilities to infect systems has been spotted by researchers.

Asruex first appeared in 2015. The Trojan was originally spread to organizations through malicious shortcut files, which downloaded a dropper for the Asruex payload hidden in an image file in order to compromise corporate networks.

The malware has previously been associated with DarkHotel, an advanced persistent threat (APT) group known for targeting the hotel and service industry. 

These cyberattackers utilize a range of attack vectors, including the misuse of stolen certificates, the use of .HTA files and the infiltration of hotel Wi-Fi networks. 

On Thursday, researchers from Trend Micro said the new Asruex variant, discovered in malicious .PDF files used in phishing campaigns, makes use of CVE-2012-0158 and CVE-2010-2883. 

CVE-2012-0158 is a critical bug impacting Microsoft Office. Reported in 2012, the vulnerability can be exploited to conduct remote code execution (RCE) attacks via system state corruption. 

CVE-2010-2883, an even older security flaw disclosed in 2010, is an Adobe Reader and Acrobat stack buffer overflow issue which can be utilized to execute arbitrary code or cause a denial of service. 

Asruex exploits these vulnerabilities to compromise systems running old versions of the software on Windows and Mac machines, despite patches having been made available for years. 

“Because of this unique infection capability, security researchers might not consider checking files for an Asruex infection and continue to watch out for its backdoor abilities exclusively,” Trend Micro says. 

The .PDF file sample was not itself malicious; rather, it was a carrier of an Asruex infection. If opened by an old version of Reader or Acrobat, the content of the file is displayed normally while the malware begins running in the background. Infected Word files act in the same way. Asruex may also appear as a standard executable.

Once executed on a target system, Asruex will check system data including running processes, module versions, file names, and certain strings in disk names to ascertain whether or not the malware is running in a sandbox environment. 

If the PC passes these checks, the malware’s backdoor is installed and data theft can begin. Asruex may also be used for ongoing, covert surveillance.

“This case is notable for its use of vulnerabilities that have been discovered (and patched) over five years ago, when we’ve been seeing this malware variant in the wild for only a year,” Trend Micro says. “This hints that the cybercriminals behind it had devised the variant knowing that users have not yet patched or updated to newer versions of the Adobe Acrobat and Adobe Reader software.”

A new Trojan, discovered by Zscaler ThreatLabZ researchers, has also recently been making the rounds. Earlier this month, the team said the new malware strain, dubbed Saefko, is being sold in underground forums and contains a range of tools for the theft of bank details, online gaming accounts, and cryptocurrency wallets. 

Credit: Zdnet
