EternalRomance – WindowsTechs.com

TrickBot developers continue to refine the malware’s sneakiness and power

Posted on February 16, 2022 by Joe Warminsky

The versatile malware known as TrickBot continues to pose “great danger” to customers of financial and technology companies because its developers are trying to stay a step ahead of cybersecurity analysts, according to Check Point Research. The company says TrickBot’s authors have equipped it with layers of “anti-analysis” and “anti-deobfuscation” capabilities, meaning that if an expert tries to pick apart the malware’s code, it stops communicating with its command-and-control servers or stops working altogether. Those features “show the authors’ highly technical background and explain why Trickbot remains a very prevalent malware family,” Check Point says in research published Wednesday. The danger remains clear, too: Check Point says the various modules of TrickBot are often deployed for stealing login credentials from customers of several large banks, including Bank of America and Wells Fargo, as well as big tech firms like Microsoft and Amazon. About 60 companies are affected overall. “These brands […]

The post TrickBot developers continue to refine the malware’s sneakiness and power appeared first on CyberScoop.

Continue reading TrickBot developers continue to refine the malware’s sneakiness and power→

TrickBot adds firmware tool that researchers say could lead to ‘bricking’ devices

Posted on December 3, 2020 by Tim Starks

The malicious software known as TrickBot has morphed again, this time with a module that probes booting process firmware for vulnerabilities, possibly setting the stage for attacks that could ultimately destroy devices, researchers say. Two cybersecurity companies, Eclypsium and Advanced Intelligence (Advintel), dubbed the TrickBot add-on module “TrickBoot,” since it targets the UEFI/BIOS firmware. Firmware is permanent code programmed into a hardware device, while UEFI and BIOS are two kinds of specifications that manage a device’s start-up. TrickBoot, then, is s a “significant step in the evolution of TrickBot,” the researchers say, that could make TrickBot especially pesty. “Since firmware is stored on the motherboard as opposed to the system drives, these threats can provide attackers with ongoing persistence even if a system is re-imaged or a hard drive is replaced,” they wrote.”Equally impactful, if firmware is used to brick a device, the recovery scenarios are markedly different (and more difficult) than recovery […]

The post TrickBot adds firmware tool that researchers say could lead to ‘bricking’ devices appeared first on CyberScoop.

Continue reading TrickBot adds firmware tool that researchers say could lead to ‘bricking’ devices→

China’s APT3 Pilfers Cyberweapons from the NSA

Posted on September 6, 2019 by Tara Seals

Large portions of APT3’s remote code-execution package were likely reverse-engineered from prior attack artifacts. Continue reading China’s APT3 Pilfers Cyberweapons from the NSA→

How did a Chinese APT get a U.S. hacking tool before it was leaked? Check Point has a theory.

Posted on September 5, 2019 by Shannon Vavra

A Chinese hacking group that has been using tools linked with the National Security Agency might have obtained at least one without breaching NSA systems, according to researchers at cybersecurity company Check Point. The Chinese hacking group APT3, which somehow had in its possession an NSA-linked tool in advance of public leaks in 2016 and 2017, appears to have acquired it by analyzing network traffic on a system that was potentially targeted by the NSA, Check Point says. The theory is that after observing the exploit in the wild, APT3 incorporated it into its own arsenal of attacks with some tweaks, the researchers say. “Check Point learned that the Chinese group was monitoring in-house machines that were compromised by the NSA, capturing the traffic of the attack and was leveraging it to reverse engineer the software vulnerabilities,” the researchers write. Check Point acknowledges that it “can’t prove this beyond any doubt.” The company says it does not know for sure […]

The post How did a Chinese APT get a U.S. hacking tool before it was leaked? Check Point has a theory. appeared first on CyberScoop.

Continue reading How did a Chinese APT get a U.S. hacking tool before it was leaked? Check Point has a theory.→

Chinese Hackers Used NSA Hacking Tools Before Shadow Brokers Leaked Them

Posted on May 7, 2019 by Swati Khandelwal

In a shocking revelation, it turns out that a hacking group believed to be sponsored by Chinese intelligence had been using some of the zero-day exploits linked to the NSA’s Equation Group almost a year before the mysterious Shadow Brokers group leaked… Continue reading Chinese Hackers Used NSA Hacking Tools Before Shadow Brokers Leaked Them→

Chinese hackers found and repurposed elite NSA-linked tools

Posted on May 7, 2019 by Greg Otto

A hacking group with ties to Chinese intelligence has been using tools linked to the National Security Agency as far back as March 2016, according to research from security firm Symantec. The tools include some released by the Shadow Brokers, a mysterious group that dumped computer exploits once used by the NSA on the open internet in April 2017. Symantec’s research suggests that the Chinese-linked group, which the company calls “Buckeye,” was using the same NSA-linked tools at least a year before they were publicly leaked. According to Symantec, one of the tools used by Buckeye was DoublePulsar, a backdoor implant that allows attackers to stealthily collect information and run malicious code on a target’s machine. DoublePulsar was used in conjunction with another tool, which Symantec calls Trojan.Bemstour, that took advantage of various Microsoft Windows vulnerabilities in order to secretly siphon information off targeted computers. The Trojan.Bemstour exploit allowed attackers […]

The post Chinese hackers found and repurposed elite NSA-linked tools appeared first on CyberScoop.

Continue reading Chinese hackers found and repurposed elite NSA-linked tools→

Cryptocurrency Transactions May Uncover Sales of Shadow Broker Hacking Tools

Posted on June 28, 2018 by Joseph Cox

Even though the Shadow Brokers told customers to use privacy-focused cryptocurrency Zcash, researchers may have found clues pointing to who tried to buy more of the group’s wares. Continue reading Cryptocurrency Transactions May Uncover Sales of Shadow Broker Hacking Tools→

PyRoMine Uses NSA Exploit for Monero Mining and Backdoors

Posted on April 26, 2018 by Tara Seals

Not just a miner, the malware also sets up a hidden default account with system administrator privileges, to be used for re-infection and further attacks. Continue reading PyRoMine Uses NSA Exploit for Monero Mining and Backdoors→

PyRoMine malware disables security & mines Monero using NSA exploits

Posted on April 25, 2018 by Waqas

By Waqas
The IT security researchers at Fortinet have discovered a dangerous new
This is a post from HackRead.com Read the original post: PyRoMine malware disables security & mines Monero using NSA exploits
Continue reading PyRoMine malware disables security & mines Monero using NSA exploits→

A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017

Posted on January 10, 2018 by Eric Avena

Adopting reliable attack methods and techniques borrowed from more evolved threat types, ransomware attained new levels of reach and damage in 2017. The following trends characterize the ransomware narrative in the past year: Three global outbreaks sho… Continue reading A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017→