Tuesday, April 13, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Privacy

Trojanized Security Software Hits South Korea Users in Supply-Chain Attack

November 16, 2020
in Internet Privacy
Trojanized Security Software Hits South Korea Users in Supply-Chain Attack
588
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Cybersecurity researchers took the wraps off a novel supply chain attack in South Korea that abuses legitimate security software and stolen digital certificates to distribute remote administration tools (RATs) on target systems.

Attributing the operation to the Lazarus Group, also known as Hidden Cobra, Slovak internet security company ESET said the state-sponsored threat actor leveraged the mandatory requirement that internet users in the country must install additional security software in order to avail Internet banking and essential government services.

You might also like

BRATA Malware Poses as Android Security Scanners on Google Play Store

Indian Brokerage Firm Upstox Suffers Data Breach Leaking 2.5 Millions Users’ Data

What Does It Take To Be a Cybersecurity Researcher?

The attack, while limited in scope, exploits WIZVERA VeraPort, which is billed as a “program designed to integrate and manage internet banking-related installation programs,” such as digital certificates issued by the banks to individuals and businesses to secure all transactions and process payments.

The development is the latest in a long history of espionage attacks against victims in South Korea, including Operation Troy, DDoS attacks in 2011, and against banking institutions and cryptocurrency exchanges over the last decade.

internet security software in korea

Aside from using the aforementioned technique of installing security software in order to deliver the malware from a legitimate but compromised website, the attackers used illegally obtained code-signing certificates in order to sign the malware samples, one of which was issued to the US branch of a South Korean security company named Dream Security USA.

“The attackers camouflaged the Lazarus malware samples as legitimate software. These samples have similar file names, icons and resources as legitimate South Korean software,” ESET researcher Peter Kálnai said. “It’s the combination of compromised websites with WIZVERA VeraPort support and specific VeraPort configuration options that allows attackers to perform this attack.”

http://thehackernews.com/

Stating that the attacks target websites that use VeraPort — which also comes with a base64-encoded XML configuration file containing a list of software to install and their associated download URLs — ESET researchers said the adversaries replaced the software to be delivered to VeraPort users by compromising a legitimate website with malicious binaries that were then signed with illicitly acquired code-signing certificates to deliver the payloads.

“WIZVERA VeraPort configurations contain an option to verify the digital signature of downloaded binaries before they are executed, and in most cases this option is enabled by default,” the researchers noted. “However, VeraPort only verifies that the digital signature is valid, without checking to whom it belongs.”

The binary then proceeds to download a malware dropper that extracts two more components — a loader and a downloader — the latter of which is injected into one of the Windows processes (“svchost.exe”) by the loader. The final-stage payload fetched by the downloader takes the form of a RAT that comes equipped with commands allowing the malware to perform operations on the victim’s filesystem and download and execute auxiliary tools from the attacker’s arsenal.

digital-cert

What’s more, the campaign appears to be what’s a continuation of another Lazarus-mounted attack called Operation BookCodes detailed by the Korea Internet & Security Agency earlier this April, with significant overlaps in TTPs and command-and-control (C2) infrastructure.

“Attackers are particularly interested in supply-chain attacks, because they allow them to covertly deploy malware on many computers at the same time,” the researchers concluded.

“Owners of [websites with VeraPort support] could decrease the possibility of such attacks, even if their sites are compromised, by enabling specific options (e.g. by specifying hashes of binaries in the VeraPort configuration).”


Credit: The Hacker News By: noreply@blogger.com (Ravie Lakshmanan)

Previous Post

Machine Learning Market Segments, Future Growth, Recent Trends, Top Player – The Daily Philadelphian

Next Post

Windows 10 update problem: We're fixing Kerberos authentication bug, says Microsoft

Related Posts

BRATA Malware Poses as Android Security Scanners on Google Play Store
Internet Privacy

BRATA Malware Poses as Android Security Scanners on Google Play Store

April 13, 2021
Indian Brokerage Firm Upstox Suffers Data Breach Leaking 2.5 Millions Users’ Data
Internet Privacy

Indian Brokerage Firm Upstox Suffers Data Breach Leaking 2.5 Millions Users’ Data

April 13, 2021
What Does It Take To Be a Cybersecurity Researcher?
Internet Privacy

What Does It Take To Be a Cybersecurity Researcher?

April 12, 2021
Windows, Ubuntu, Zoom, Safari, MS Exchange Hacked at Pwn2Own 2021
Internet Privacy

Windows, Ubuntu, Zoom, Safari, MS Exchange Hacked at Pwn2Own 2021

April 12, 2021
Hackers Tampered With APKPure Store to Distribute Malware Apps
Internet Privacy

Hackers Tampered With APKPure Store to Distribute Malware Apps

April 10, 2021
Next Post
Windows 10 update problem: We’re fixing Kerberos authentication bug, says Microsoft

Windows 10 update problem: We're fixing Kerberos authentication bug, says Microsoft

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

These new vulnerabilities put millions of IoT devices at risk, so patch now
Internet Security

These new vulnerabilities put millions of IoT devices at risk, so patch now

April 13, 2021
BRATA Malware Poses as Android Security Scanners on Google Play Store
Internet Privacy

BRATA Malware Poses as Android Security Scanners on Google Play Store

April 13, 2021
6 Limitations of Desktop System That QuickBooks Hosting Helps Overcome
Data Science

6 Limitations of Desktop System That QuickBooks Hosting Helps Overcome

April 13, 2021
ANZ Bank: We’ve been using machine learning for 20 years
Machine Learning

ANZ Bank: We’ve been using machine learning for 20 years

April 13, 2021
Apple looking to close the gap between web and app privacy
Internet Security

Who do I pay to get the ‘phone’ removed from my iPhone?

April 13, 2021
Robust Artificial Intelligence of Document Attestation to Ensure Identity Theft
Data Science

Robust Artificial Intelligence of Document Attestation to Ensure Identity Theft

April 13, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • These new vulnerabilities put millions of IoT devices at risk, so patch now April 13, 2021
  • BRATA Malware Poses as Android Security Scanners on Google Play Store April 13, 2021
  • 6 Limitations of Desktop System That QuickBooks Hosting Helps Overcome April 13, 2021
  • ANZ Bank: We’ve been using machine learning for 20 years April 13, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates