
This old trojan malware is back with a new trick to help it hide in plain sight

October 29, 2019

A form of trojan malware which has been used by cyber criminals to steal login credentials and other information from victims for over five years has been updated with the ability to hide in plain sight by using legitimate Java commands to mask its malicious behaviour.

The Adwind remote access trojan (RAT) – also known as AlienSpy and jRAT – first emerged in 2013 and is available ‘as-a-service’ to criminals who want to use its credential-stealing, keylogging, audio recording and other trojan malware capabilities against victims.

The malware can target users of several major operating systems and typically infects victims via phishing emails, compromised software downloads or malicious websites.

Now a new variant of the malware has emerged which appears to specifically target Windows and common Windows applications including Internet Explorer and Outlook, along with Chromium-based browsers including Brave – which was only released this year.

Detailed by researchers at Menlo Security, the latest incarnation of Adwind is delivered by a JAR (Java Archive) file, with its malicious intent obfuscated behind several layers of packaging and encryption in order to make signature-based detection ineffective.

Once the malware has unpacked a list of command and control server addresses, Adwind is activated and is able to receive instructions and send stolen information back to the hosts – including bank credentials, business application logins and any passwords saved in a browser.

This latest version of Adwind also masks its behaviour while doing this by acting like any other Java command, allowing the activity to occur while remaining undetected. 

The authors do this by hiding malicious JAR files amongst a number of legitimate JAR applications, using encryption to make it hard to detect the initial JAR file and by loading additional JAR files from a remote server. All of this makes it difficult to detect abnormal activity.

“It’s like wading through a crowd of a million people and trying to pick out the one person wearing a green undershirt without being able to look under people’s jackets. There’s nothing suspicious about its existence, its appearance or even its initial behaviour. Everything about it seems normal,” said Krishnan Subramanian, security researcher at Menlo Labs.

However, Adwind does let the mask slip in one way: when it sends stolen credentials to a remote server, it uses commands that are not associated with Java – although by the time the malware is sending information back to the attackers, the damage has already been done.

That means organisations need to have a handle on what’s happening on the network so attacks can be stopped before they do damage – and to be mindful of unexpected files in the system.

“From a detection standpoint, good visibility on web and email traffic is a must. These jRAT filenames seem to have a pattern by using common financial terms like ‘Remittance’, ‘Payment’, ‘Advice’. It’s always a good idea to check the filename of a Java Application before invoking it,” said Subramanian.
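The filename check described above can be run over process-creation logs. The following is an added example, not code from Menlo Security or the original article: the log format, host names and the parent-process severity rule are assumptions, and the sample events are constructed.

```python
import re
from pathlib import PureWindowsPath

# Lure terms quoted in the article; extend from your own mail telemetry.
LURE_TERMS = ("remittance", "payment", "advice")
# Assumption: a parent matching the delivery routes the article names
# (phishing email, malicious websites) raises the severity.
DELIVERY_PARENTS = {"outlook.exe", "iexplore.exe", "chrome.exe", "brave.exe"}

EVENT = re.compile(r"^(\S+) host=(\S+) parent=(\S+) cmdline=(.*)$")
# java/javaw started with -jar; captures a quoted or unquoted JAR path.
JAR_LAUNCH = re.compile(
    r'\bjavaw?(?:\.exe)?"?\s+(?:-\S+\s+)*?-jar\s+(?:"([^"]+\.jar)"|(\S+\.jar))', re.IGNORECASE)

def jar_from_cmdline(cmdline):
    """Return the JAR path a Java launcher was asked to run, or None."""
    m = JAR_LAUNCH.search(cmdline)
    return (m.group(1) or m.group(2)) if m else None

def lure_terms_in(jar_path):
    """Lure terms found in the JAR's file name (directories are ignored)."""
    stem = PureWindowsPath(jar_path).stem.lower()
    return [t for t in LURE_TERMS if t in stem]

def triage(lines):
    """Return one alert dict per Java launch of a lure-named JAR."""
    alerts = []
    for line in lines:
        m = EVENT.match(line)
        jar = jar_from_cmdline(m.group(4)) if m else None
        terms = lure_terms_in(jar) if jar else []
        if terms:
            severity = "high" if m.group(3).lower() in DELIVERY_PARENTS else "medium"
            alerts.append({"time": m.group(1), "host": m.group(2), "jar": jar,
                           "terms": terms, "severity": severity})
    return alerts

# Constructed process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    r'2019-10-29T09:14:02Z host=WS-014 parent=OUTLOOK.EXE cmdline="C:\Program Files\Java\jre\bin\javaw.exe" -jar "C:\Users\alice\AppData\Local\Temp\Remittance_Advice.jar"',
    r'2019-10-29T09:20:41Z host=BLD-02 parent=cmd.exe cmdline=java -Xmx256m -jar build\libs\inventory-service.jar --port 8080',
    r'2019-10-29T10:03:17Z host=WS-022 parent=explorer.exe cmdline=javaw.exe -jar C:\Users\bob\Desktop\Payment.jar',
    r'2019-10-29T10:05:55Z host=WS-022 parent=explorer.exe cmdline=notepad.exe C:\Users\bob\Documents\payment advice.txt',
]

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert)
```

A filename match is a triage signal rather than a verdict: a renamed JAR passes this check, so pair it with the web and email visibility the researchers recommend.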

Credit: ZDNet
