This sneaky malware goes to unusual lengths to cover its tracks

June 24, 2020
in Internet Security
A malware campaign which creates a backdoor providing full access to compromised Windows PCs, while adding them to a growing botnet, has developed some unusual measures for staying undetected.

Glupteba first emerged in 2018 and started by gradually dropping more components into place on infected machines in its bid to create a backdoor to the system.

The malware is continuously in development and in the last few months it appears to have been upgraded with new techniques and tactics to coincide with a new campaign which has been detailed by cybersecurity researchers at Sophos.

The paper describes Glupteba as “highly self-defending malware” with the cyber criminal group behind it paying special attention to “enhancing features that enable the malware to evade detection”.

However, its method of distribution is relatively simple: it’s bundled in pirated software, including cracked versions of commercial applications, as well as illegal video game downloads. The idea is simply to get as many users to download compromised applications which contain the Glupteba payload as possible.

To ensure the best possible chance of a successful compromise, the malware is gradually dropped, bit-by-bit onto the system to avoid detection by any anti-virus software the user may have installed. The malware also uses the EternalBlue SMB vulnerability to help it secretly spread across networks.

But that isn’t where the concealment and self-defence ends, because even after installation Glupteba goes out of its way to stay undetected.

“The creators seem to have spent an unusual amount of effort on reinforcing the bot’s stealth capabilities compared to other malware,” Andrew Brandt, principal researcher at Sophos told ZDNet.

Glupteba uses a number of software exploits for privilege escalation, primarily so it can install a kernel driver the bot uses as a rootkit, and make other changes that weaken the security posture of an infected host.

Sophos said the rootkit renders filesystem behavior invisible to the computer’s end user, and also protects any other file the malware decides to store in its application directory. A watcher process then monitors the rootkit and other components for any sign of failure or a crash, and can reinitialize the rootkit driver or restart a buggy component.

“They’ve also contrived a somewhat convoluted method to conceal their updates to command-and-control server addresses in plain sight, by staging those updates as encrypted data tied to transactions in the bitcoin blockchain,” Brandt added.

Glupteba’s latest campaign is described as relatively prolific, fitting in with what appears to be the aim of compromising as many computers as possible.

Currently, Glupteba’s main activity appears to be cryptocurrency mining. But the way it creates a backdoor into compromised computers, combined with the way in which those behind it look to be attempting to create a large botnet of readily available machines, suggests that the ultimate aim is to lease it out as a means of distributing other forms of malware to victims.

“I’d say the Glupteba attackers are angling to market themselves as a malware-delivery-as-a-service provider to other malware makers who value longevity and stealth over the noisy quick endgame of, for instance, a ransomware payload,” said Brandt.

The way in which those behind Glupteba regularly fix any bugs or crashes that emerge also provides evidence that they're looking to maintain as smooth an operation as possible going forward.

The campaign is still active and attempting to recruit more machines into the botnet, but the simplest way users can avoid falling victim to Glupteba is by ensuring the critical security update issued to protect against EternalBlue is installed.

Microsoft released the patch in 2017, but EternalBlue remains successful because of the significant number of Microsoft Windows systems around the world which haven’t had it installed, putting them at risk of falling victim to this and other malware.
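As an added example (not from the article, ZDNet or Sophos), the following PowerShell audit checks the two things the EternalBlue mitigation above depends on: whether the host still accepts SMBv1, which EternalBlue targets, and whether one of the original MS17-010 packages is visible. The KB list and the assumption that the cmdlets are available (Windows 8.1 / Server 2012 R2 or later, elevated session) are this example's own.

```powershell
# Added example, not code from the article or from Sophos.
# Audits a Windows host for exposure to the EternalBlue SMBv1 flaw.
# Assumes an elevated session on Windows 8.1 / Server 2012 R2 or later.

# KB numbers published under the MS17-010 bulletin (March 2017). Later cumulative
# updates supersede them, so "none found" on a fully patched host is expected;
# treat the SMBv1 state as the primary signal and the KB check as supporting evidence.
$Ms17010Kbs = @(
    'KB4012212','KB4012213','KB4012214','KB4012215','KB4012216','KB4012217',
    'KB4012598','KB4012606','KB4013198','KB4013429'
)

function Test-EternalBlueExposure {
    $result = [ordered]@{
        ComputerName     = $env:COMPUTERNAME
        Smb1ServerOn     = $null   # does the SMB server service still accept SMBv1?
        Smb1FeatureState = $null   # is the SMBv1 optional feature installed?
        Ms17010KbFound   = @()
    }

    # 1. SMB server configuration: EnableSMB1Protocol is the switch EternalBlue needs.
    $cfg = Get-SmbServerConfiguration -ErrorAction SilentlyContinue
    if ($cfg) { $result.Smb1ServerOn = [bool]$cfg.EnableSMB1Protocol }

    # 2. Optional feature state (client SKUs; on Server the feature is FS-SMB1).
    $feat = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    if ($feat) { $result.Smb1FeatureState = $feat.State.ToString() }

    # 3. Any of the original MS17-010 packages present?
    $result.Ms17010KbFound = @(Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $Ms17010Kbs -contains $_.HotFixID } |
        Select-Object -ExpandProperty HotFixID)

    # Likely exposed = SMBv1 still reachable and no MS17-010 package visible.
    $result.LikelyExposed = ($result.Smb1ServerOn -eq $true) -and
                            ($result.Ms17010KbFound.Count -eq 0)
    [pscustomobject]$result
}

$report = Test-EternalBlueExposure
$report | Format-List
if ($report.Smb1ServerOn) {
    # Disabling SMBv1 removes the attack surface even where the patch level is uncertain.
    Write-Warning "SMBv1 enabled; disable with: Set-SmbServerConfiguration -EnableSMB1Protocol `$false -Force"
}
```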

Users should also be wary of downloading applications – especially cracked ones – from untrusted sources.

“The normal general precautions apply here as much as anywhere else: Don’t run stuff you shouldn’t, keep everything patched, and always make sure you have some sort of malware protection on your computer,” said Brandt.

Credit: Zdnet
