Windows malware: Slub taps Slack, GitHub to steal your info

March 8, 2019
in Internet Security

Researchers at Trend Micro say they’ve found new malware that uses Slack channels, GitHub, and the file.io file-sharing site to steal data from Windows PCs. 

The previously unknown malware is part of a ‘watering hole’ attack, which involves compromising a website that’s likely to be visited by an intended target group.

The unnamed website in question would be of interest to people who follow “political activities”, according to Trend Micro, which says this campaign kicked off in late February.

The compromised site redirected each visitor just once to a malicious page that exploited CVE-2018-8174, a remote-code execution flaw in the VBScript engine that can be exploited via Internet Explorer.

Microsoft patched the bug in May 2018, so any visitors running Windows without that patch may have been infected with ‘Slub’, the name Trend Micro gave the malware because the attacker relies on Slack and GitHub (SLack and githUB) to communicate with and steal data from an infected PC.

Trend Micro notes that once a target is infected, the initial malware downloads another set of files containing Slub, which then checks for the presence of antivirus software. 

If any is detected, it simply leaves, and this appears to have kept it below the radar of any antivirus product until now, according to Trend Micro.

The malware also exploits an even older Windows bug, CVE-2015-1705, a win32k.sys local elevation-of-privilege flaw that has proved useful to targeted attackers because it can be used to escape a Windows application’s sandbox.

Once a machine has been fully compromised, the backdoor uses a private Slack channel to check commands taken from ‘gist’ snippets hosted on GitHub, and then sends the commands to a private Slack channel controlled by the attacker.   

The infected machine also uploads targeted files to the file.io file-sharing website, from which the attacker picks up the stolen files.  
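The command-and-control pattern described in the last few paragraphs (poll GitHub gists for commands, talk to a Slack workspace, push files to file.io) is built entirely from legitimate public services, so a defender cannot block it by domain reputation alone. What can be observed is the combination: a single host that polls gists on a cadence, posts to Slack, and uploads a large body to file.io within a short window. The detector below is an added example, not Trend Micro’s or the article’s code; the proxy log layout and every log line in it are constructed for illustration, and the list of watched hostnames is an assumption about what such traffic would look like in a web-proxy log.

```python
"""
Detection sketch for the Slub-style C2 triad described above: gist polling
for commands, Slack posts, and a file.io upload from the same client in a
short window. All sample data is constructed; the field layout is hypothetical.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed mapping of proxy-log hostnames to the three services the backdoor used.
WATCHED_HOSTS = {
    "gist.github.com": "gist",
    "gist.githubusercontent.com": "gist",
    "hooks.slack.com": "slack",
    "slack.com": "slack",
    "file.io": "fileio",
}

# Constructed proxy log: "<timestamp> <client_ip> <method> <host> <path> <bytes_out>"
SAMPLE_PROXY_LOG = """\
2019-02-27T09:00:01Z 10.1.4.22 GET gist.githubusercontent.com /raw/abc 0
2019-02-27T09:00:03Z 10.1.4.22 POST hooks.slack.com /services/T0/B0/x 512
2019-02-27T09:00:30Z 10.1.4.22 POST file.io / 2048000
2019-02-27T09:05:00Z 10.1.4.22 GET gist.githubusercontent.com /raw/abc 0
2019-02-27T09:10:00Z 10.1.4.22 GET gist.githubusercontent.com /raw/abc 0
2019-02-27T09:02:00Z 10.1.4.35 GET gist.githubusercontent.com /raw/def 0
2019-02-27T11:15:00Z 10.1.4.40 POST file.io / 10240
"""


def parse_line(line):
    """Split one constructed proxy-log line into a dict of typed fields."""
    ts, ip, method, host, path, nbytes = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "ip": ip,
        "method": method,
        "host": host,
        "path": path,
        "bytes": int(nbytes),
    }


def find_slub_like_hosts(log_text, window=timedelta(hours=1), min_gist_polls=3):
    """Return {client_ip: details} for clients that touch all three services
    (gist, slack, fileio) inside `window`, with at least `min_gist_polls`
    gist fetches. A developer fetching one gist, or a user sharing a file
    on file.io, hits only one service and is not reported."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        svc = WATCHED_HOSTS.get(ev["host"])
        if svc:
            by_ip[ev["ip"]].append((ev["ts"], svc, ev["method"], ev["bytes"]))

    findings = {}
    for ip, events in by_ip.items():
        events.sort()
        # Slide a window forward from each event; report the first window that
        # contains the full triad plus repeated gist polling.
        for i, (t0, _, _, _) in enumerate(events):
            win = [e for e in events[i:] if e[0] - t0 <= window]
            services = {e[1] for e in win}
            gist_polls = sum(1 for e in win if e[1] == "gist" and e[2] == "GET")
            uploaded = sum(e[3] for e in win if e[1] == "fileio" and e[2] == "POST")
            if {"gist", "slack", "fileio"} <= services and gist_polls >= min_gist_polls:
                findings[ip] = {
                    "window_start": t0.isoformat(),
                    "gist_polls": gist_polls,
                    "bytes_to_fileio": uploaded,
                }
                break
    return findings


if __name__ == "__main__":
    for ip, info in find_slub_like_hosts(SAMPLE_PROXY_LOG).items():
        print(ip, info)
```

In the constructed sample only 10.1.4.22 is reported: it polls a gist three times, posts to Slack and sends about 2 MB to file.io within ten minutes. The two other clients touch a single service each and stay below the threshold, which is the point of keying on the combination rather than on any one of the three hostnames.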

Slub actors have a “strong interest in person-related information, with a special focus on communication software”, according to Trend Micro researchers. 

The backdoor contains commands to compress the target’s desktop folder and steal it. It also creates a file containing the file tree of the user’s desktop. And it seeks out offline data stored in Skype, as well as information about the user’s habits on Twitter, KakaoTalk, and BBS. Finally, it copies all .hwp files, the extension used by a Korean word-processing app.

Trend Micro says it informed the Canadian Centre for Cyber Security, which worked with the owner of the watering-hole site to remove the redirect malware.

Slack has since shut down the Slack Workspace that was being used by the attacker as a violation of its terms of service. GitHub has also removed the files from its service.

“Our investigation makes us believe with strong confidence that it was part of a possible targeted attack campaign,” Trend Micro researchers said. 

“The attackers also appear to be professionals, based on their way of handling their attack. They only use public third-party services and therefore did not need to register any domains or anything else that could leave a trail.

“The few email addresses we found during the investigation were also using trash email systems, giving the attackers a clean footprint. Finally, the watering hole chosen by the attackers can be considered interesting for those who follow political activities, which might give a glimpse into the nature of the groups and individuals that the attackers are targeting.”

Trend Micro has identified the infection chain used by the Slub malware.

Image: Trend Micro

Previous and related coverage

All Intel chips open to new Spoiler non-Spectre attack: Don’t expect a quick fix

Researchers say Intel won’t be able to use a software mitigation to fully address the problem Spoiler exploits.

Microsoft security chief: IE is not a browser, so stop using it as your default

Internet Explorer is a ‘compatibility solution’ and should only be used selectively, warns Microsoft exec.

Google: Chrome zero-day was used together with a Windows 7 zero-day

Google reveals Windows 7 zero-day. Microsoft is working on a fix.

The Windows 10 security guide: How to safeguard your business

How do you configure Windows 10 PCs to avoid common security problems? There’s no software magic bullet, unfortunately, and the tools are different for small businesses and enterprises. Here’s what to watch out for.

Microsoft makes final push to rid world of Internet Explorer 10

Enterprise customers running Windows Server 2012 have one year to change from IE10 to IE11.

How virtualisation is changing Windows application security TechRepublic

Sandboxes, minimal processes, Hyper-V containers, Device Guard: virtualisation delivers a lot more than VMs in modern Windows.

7 security tips to stop apps from stealing your data CNET

We asked data privacy experts how to protect your personal information when downloading and using apps on your phone.

© 2019 NikolaNews.com - Global Tech Updates