Cloud Atlas threat group updates weaponry with polymorphic malware

August 13, 2019
in Internet Security
The Cloud Atlas advanced persistent threat (APT) group has updated its weapons portfolio with polymorphic components that produce unique code for each infection. 

Cloud Atlas, also known as Inception, was first discovered by researchers in 2014 following attacks in Russia and Kazakhstan. At the time, the APT exploited CVE-2012-0158, an old vulnerability in Microsoft Office that allows remote code execution (RCE).

The threat actors remain active to the present day and have, once again, been linked to attacks in Russia, as well as Portugal, Romania, Turkey, Ukraine, and other countries. 

On Monday, Kaspersky researchers said the spate of recent attacks is focused on “international economics and aerospace industries.”

In a blog post, the cybersecurity firm said the group is employing “a novel way of infecting its victims and conducts lateral movement through [a] network.”

The first step in the infection chain is for the attackers to send a phishing email to a high-value target. Each message includes a Microsoft Office document attachment containing remote templates that, once downloaded, deliver and execute malicious payloads.

A malicious HTML app will collect basic operating system information and download another module called VBShower. VBShower will remove as much evidence of infection from the target machine as possible and will also set up a communication channel between the malware and the operator’s command-and-control (C2) server.   

Both the HTML and VBShower components are polymorphic, which means that their characteristics continually change in order to avoid detection by signature-based antivirus and security solutions. 

“This updated version is carried out in order to make the malware invisible to security solutions relying on familiar Indicators of Compromise (IoCs),” Kaspersky says. “This means that the code in both modules will be new and unique in each case of infection.”

VBShower will also download, via a VBS implant, another malicious module called PowerShower, a document stealer that harvests .txt, .pdf, .xls and .doc files. Any document smaller than 5MB that was modified within the 48 hours before infection is stolen and sent to the C2.

This PowerShell-based module can also receive further PowerShell and VBS modules for execution on a victim’s machine, and contains a spying component that grabs lists of active processes — but this code does not appear to be fully active at this stage.

The APT group also harvests passwords by abusing LaZagne, an open-source credential recovery tool. Cloud Atlas may additionally download and execute another backdoor, one discovered five years ago that has not changed since.

Current Indicators of Compromise (IoCs) can be found here. 

In related news this month, Zscaler researchers published their findings on a new Trojan, dubbed Saefko, which specializes in the theft of banking credentials and cryptocurrency wallets. The malware is being actively sold in underground forums. 
Credit: Zdnet