This Trojan attack adds a backdoor to your Windows PC to steal data

January 10, 2019, in Internet Security

A well-resourced and prolific hacking group is distributing a new strain of malware that gives the hackers remote desktop access as part of an information-stealing campaign targeting banks, retailers and businesses.

ServHelper malware has been active since November last year and installs a backdoor onto Windows PCs, providing attackers with remote access to compromised machines. But that isn’t where the attack ends: ServHelper also acts as a downloader for FlawedGrace, a family of trojan malware which first appeared in November 2017 and is described as “a full-featured” Remote Access Trojan.

The combined ServHelper and FlawedGrace campaign has been detailed by researchers at Proofpoint. They attribute the attacks to TA505, a cybercrime group behind some of the largest cyber attacks of recent years, including the Dridex banking trojan and Locky ransomware campaigns. The group has been active since at least 2014.

ServHelper campaigns begin by spamming out phishing emails. The messages are basic, simply asking potential victims to open documents, often claimed to relate to bank transfers. However, because of the sheer number of messages sent at a time — tens of thousands of emails are distributed at once — the attackers seemingly believe they can catch out a significant proportion of users, despite the basic nature of the phishing attacks.

“TA505 has typically not employed heavy social engineering, relying instead on volume to find unwitting victims. That said, human curiosity and our conditioning to rapidly open emails and attachments are often enough even without sophisticated social engineering,” Chris Dawson, threat intelligence lead at Proofpoint told ZDNet.

[Image: A phishing email used to distribute the malware. Image: Proofpoint]

Opening the attachment and enabling macros installs ServHelper on the machine. Researchers note that this new malware is under active development, with new commands and functionality added in almost every campaign since it first appeared.
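The infection step described above depends on a macro-bearing Office attachment getting past the mail gateway and a user enabling macros. The following is an added example, not code from the article or from Proofpoint, showing the kind of attachment triage a gateway or SOC script can apply before delivery: it treats Office Open XML files as the zip containers they are and looks for an embedded VBA project (`vbaProject.bin`) regardless of the file extension, so a macro document renamed to `.docx` is still caught, and it flags legacy binary Office files by their OLE header because proving those macro-free needs a full OLE parser. The attachment names and bytes are constructed samples, and the `(filename, bytes)` input shape is an assumption about how the gateway hands attachments over.

```python
"""Attachment triage: flag Office documents that can carry VBA macros.

Added example, not part of the original article or Proofpoint's analysis.
Assumes a mail gateway hands us (filename, raw bytes) per attachment.
"""
import io
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc/.xls container header
MACRO_ENABLED_EXT = {".docm", ".dotm", ".xlsm", ".xltm", ".pptm", ".potm"}
LEGACY_OFFICE_EXT = {".doc", ".dot", ".xls", ".xlt", ".ppt", ".pot"}


def classify_attachment(filename: str, data: bytes) -> str:
    """Return 'macro', 'legacy-ole', or 'clean' for a single attachment."""
    name = filename.lower()
    ext = name[name.rfind("."):] if "." in name else ""

    # Office Open XML files are zip containers; a VBA project is stored as
    # a vbaProject.bin part regardless of the file extension used.
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            if any(n.lower().endswith("vbaproject.bin") for n in zf.namelist()):
                return "macro"
        if ext in MACRO_ENABLED_EXT:
            return "macro"  # macro-enabled extension, even with no project embedded
        return "clean"

    # Legacy binary Office formats use the OLE compound file header; macros
    # live inside a VBA storage that needs a full OLE parser to inspect, so
    # the whole class is routed to review rather than assumed clean.
    if data.startswith(OLE_MAGIC) or ext in LEGACY_OFFICE_EXT:
        return "legacy-ole"

    return "clean"


def triage(attachments):
    """Return names of attachments that should be held for review."""
    return [name for name, data in attachments
            if classify_attachment(name, data) != "clean"]


def _build_ooxml(with_macro: bool) -> bytes:
    """Constructed sample: a minimal zip shaped like a .docx/.docm."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()


# Constructed sample attachments, named after the "bank transfer" lure theme.
SAMPLE_ATTACHMENTS = [
    ("transfer_details.docx", _build_ooxml(with_macro=False)),
    ("transfer_details.docm", _build_ooxml(with_macro=True)),
    ("invoice.doc", OLE_MAGIC + b"\x00" * 504),
    ("statement.pdf", b"%PDF-1.4\n"),
]

if __name__ == "__main__":
    for name, data in SAMPLE_ATTACHMENTS:
        print(f"{name}: {classify_attachment(name, data)}")
    print("hold for review:", triage(SAMPLE_ATTACHMENTS))
```

The design choice worth noting is that the content check runs before the extension check: a campaign relying on volume rather than craft still benefits from a renamed `.docm`, and a gateway that trusts the extension alone would pass it. Holding legacy OLE documents wholesale is a policy decision; an environment that still exchanges `.doc` files legitimately would instead feed those to an OLE-aware scanner.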

But ServHelper’s primary function has remained unchanged: it serves as a backdoor to allow attackers remote desktop access to the compromised device and allows attackers to hijack user accounts and web profiles — providing them with vast swathes of information about the infected victim.

That isn’t the end of the attack, however, because ServHelper is capable of downloading and executing a second piece of malware on the compromised PC: FlawedGrace.

FlawedGrace first appeared for a brief period in November 2017 before disappearing, only re-emerging as part of the ServHelper campaign. Researchers suggest that “significant development” has taken place on FlawedGrace, which has been built using object-oriented and multithreaded programming techniques that make reverse-engineering and analysing the malware harder.

The remote access trojan capabilities of FlawedGrace mean it allows attackers to gain almost full control over an infected device. Given how the campaign targets banks and retailers, it’s likely that acquiring money is the ultimate goal of the attacks, be that through stealing banking credentials, or using corporate credentials to gain access to sensitive information which can be traded on for profit.

It’s believed that the ServHelper and FlawedGrace campaign remains active alongside another TA505 trojan malware campaign that emerged in late 2018. The group used to focus on ransomware, but has increasingly moved towards information stealers — and it’s likely they’ve opted to distribute different forms of malware to avoid detection and ensure maximum returns.

“The group has added a variety of malware to their toolkit over the years, with additions in 2018 focusing on RATs and loaders,” said Dawson.

“While we can only speculate on the reasoning behind their choices in malware, new malware gives them new opportunities to evade detection and shift, for example, from ransomware to bankers or bankers to RATs, with the accompanying opportunities to follow the money.”

Proofpoint has detailed information about Indicators of Compromise for ServHelper and FlawedGrace in their analysis of the malware.
