This new, unusual Trojan promises victims COVID-19 tax relief

May 16, 2020

A new Trojan malware sample has appeared on the radar of cybersecurity researchers following evidence that it may be in use in coronavirus-related phishing schemes.

First noticed by MalwareHunterTeam, the Trojan sample was connected to a file, “Company PLP_Tax relief due to Covid-19 outbreak CI+PL.jar,” and was only detected at first by ESET’s antivirus engine. 

Dubbed QNodeService, the Trojan lands on systems through a Java downloader embedded in the .jar file, Trend Micro researchers said on Thursday. 

The malware is unusual in that it is written for Node.js, a JavaScript runtime used primarily for web server development.

“However, the use of an uncommon platform may have helped evade detection by antivirus software,” the team notes.

The Java downloader, obfuscated via Allatori in the lure document, grabs the Node.js malware file — either “qnodejs-win32-ia32.js” or “qnodejs-win32-x64.js” — alongside a file called “wizard.js.” 

Either a 32-bit or 64-bit version of Node.js is downloaded depending on the Windows system architecture on the target machine. 

Wizard.js’ job is to facilitate communication between QNodeService and its command-and-control (C2) server, as well as to maintain persistence through the creation of Run registry keys.  
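As an added illustration (not code from ZDNet or Trend Micro), the Python sketch below triages exported Run-key entries for the script names reported above, with a broader heuristic for any Node.js script set to start automatically. The sample entries, paths and value names are constructed; the registry values the malware actually writes are not given in this article.

```python
import re

# Script names reported in the article for the QNodeService chain.
KNOWN_SCRIPTS = {"wizard.js", "qnodejs-win32-ia32.js", "qnodejs-win32-x64.js"}

# Heuristic (assumption, not from the article): node.exe launching any .js file.
NODE_RE = re.compile(r'(?i)\bnode(\.exe)?"?\s')
JS_RE = re.compile(r'(?i)([^\\/"\s]+\.js)\b')

def classify_run_value(command):
    """Return 'known-name', 'node-autorun' or None for one Run-key command line."""
    scripts = {name.lower() for name in JS_RE.findall(command)}
    if scripts & KNOWN_SCRIPTS:
        return "known-name"      # exact file name from the report
    if scripts and NODE_RE.search(command):
        return "node-autorun"    # unusual on most desktops; review manually
    return None

def triage(entries):
    """entries: iterable of (key_path, value_name, command). Returns flagged rows."""
    hits = []
    for key_path, value_name, command in entries:
        verdict = classify_run_value(command)
        if verdict:
            hits.append((verdict, key_path, value_name, command))
    return sorted(hits)          # 'known-name' sorts ahead of 'node-autorun'

RUN = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"

# Constructed sample data: not real values taken from an infected host.
SAMPLE = [
    (RUN, "OneDrive",
     r'"C:\Users\a\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    (RUN, "updater",
     r'"C:\Users\a\example\node.exe" "C:\Users\a\example\wizard.js"'),
    (RUN, "devtool",
     r'"C:\Program Files\nodejs\node.exe" C:\tools\watch.js'),
]

if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print(hit)
```

A file-name match is easy for an attacker to change, so the broader `node-autorun` verdict is the more durable signal; expect it to need an allowlist on developer workstations.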

After executing on an impacted system, QNodeService is able to download, upload, and execute files; harvest credentials from the Google Chrome and Mozilla Firefox browsers; and perform file management.

In addition, the Trojan can steal system information including IP address and location, download additional malware payloads, and transfer stolen data to the C2. 

These functions are typical of many Trojan variants, but there is an interesting function — the “http-forward” command — which allows attackers to download files without directly connecting to a victim’s PC. 

“A valid request path and access token are required to access files on the machine,” Trend Micro says. “The C2 server must first send ‘file-manager/forward-access’ to generate the URL and access token to use for the http-forward command later.”

Trend Micro says that the malware is focused on Windows machines but there are indicators in the code that “cross-platform compatibility may be a future goal.”

Earlier this month, IBM Security researchers documented changes noticed in the Zeus Sphinx banking Trojan due to its integration with new COVID-19 phishing campaigns. 

The Trojan has been relatively dormant for years, but now, Zeus Sphinx is receiving frequent upgrades, including C2 and encryption changes. 

The malware has been spotted in fraudulent campaigns that promise victims coronavirus relief payments and assistance. 


Credit: ZDNet
