Hackers Using Money-Making Scripts to Deliver Multiple Malware
The FBI warned about attacks on government and non-profit organizations in April, which involved deploying multiple malware strains on victim devices.
Besides this, the attackers aim to achieve the following:
Mine resources
Steal data
Establish backdoor access to systems
Cybersecurity researchers at Securelist recently identified numerous malicious money-making scripts that hackers actively use to deliver multiple malware.
Since late 2022, under this campaign, security analysts detected the following:
Technical analysis
Following the April report on indicators of compromise, experts uncovered new malicious scripts in their August telemetry.
The following scripts appear to exploit vulnerabilities on servers and workstations to tamper with Windows Defender:
runxm1.cmd
start.cmd
The start.cmd script disables protection via the registry, while the runxm1.cmd script adds files to the exclusion list, obtains administrator rights, and renames security solution folders.
Below are all the executable and configuration files that the scripts attempt to download from this domain:
start.cmd launches RtkAudio.exe, which reads config.txt as its configuration, for Monero mining. Among the additional downloaded files is View.exe, which when executed saves various files to the C:\Users\Public directory.
Files saved by View.exe (Source – Securelist)
Analysis of the files reveals keylogger functionality in Systemfont.exe, while IntelSvc.exe acts as a typical backdoor, connecting to a C2 server for instructions.
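As an added defensive example (not code from the Securelist report or this article), the following PowerShell audit checks a Windows host for the tampering described above: Defender policy values that switch protection off, exclusions of the kind runxm1.cmd adds, the reported file names under C:\Users\Public, a missing Windows Defender program folder, and the Defender operational events that record protection being disabled or reconfigured. It assumes an elevated session and the Defender cmdlets that ship with Windows 10/11; it is read-only and changes nothing.

```powershell
# Added audit example; registry paths, cmdlets and event IDs are standard Windows ones,
# the file names are those reported by Securelist. Run elevated.
$findings = @()

# 1. Policy registry values a script like start.cmd sets to disable protection (1 = disabled).
$policyChecks = @{
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender' = @('DisableAntiSpyware')
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection' =
        @('DisableRealtimeMonitoring', 'DisableBehaviorMonitoring', 'DisableOnAccessProtection')
}
foreach ($key in $policyChecks.Keys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($name in $policyChecks[$key]) {
        if ($props.$name -eq 1) { $findings += "Registry: $key\$name = 1" }
    }
}

# 2. Exclusions (what runxm1.cmd adds) and the live protection state.
$pref = Get-MpPreference
foreach ($p in $pref.ExclusionPath)    { $findings += "Exclusion path: $p" }
foreach ($p in $pref.ExclusionProcess) { $findings += "Exclusion process: $p" }
if (-not (Get-MpComputerStatus).RealTimeProtectionEnabled) { $findings += 'Real-time protection is OFF' }

# 3. Renamed security folders: the default Defender install directory should exist.
if (-not (Test-Path "$env:ProgramFiles\Windows Defender")) { $findings += 'Windows Defender folder missing or renamed' }

# 4. Files the report says View.exe and start.cmd place in C:\Users\Public.
$dropNames = 'RtkAudio.exe', 'config.txt', 'View.exe', 'Systemfont.exe', 'IntelSvc.exe'
Get-ChildItem -Path 'C:\Users\Public' -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $dropNames -contains $_.Name } |
    ForEach-Object { $findings += "Dropped file: $($_.FullName)" }

# 5. Defender operational log: 5001 = real-time protection disabled, 5007 = configuration
#    changed (exclusion additions are logged here), last 30 days.
Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Windows Defender/Operational'
        Id = 5001, 5007
        StartTime = (Get-Date).AddDays(-30)
    } -ErrorAction SilentlyContinue |
    ForEach-Object { $findings += "Event $($_.Id) at $($_.TimeCreated): $(($_.Message -split "`n")[0])" }

if ($findings.Count -eq 0) { 'No indicators of the described Defender tampering found.' }
else { $findings | ForEach-Object { Write-Warning $_ } }
```

A hit on items 1, 2 or 5 is the strongest signal, since legitimate software rarely disables real-time protection or adds exclusions under C:\Users\Public.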
Attack Geography
Researchers have noted over 10,000 attacks targeting 200+ users globally since May 2023, primarily affecting B2B sectors such as:
Government agencies
Agriculture
Retail
Geographically, these threats were primarily encountered in the following countries:
Russian Federation
Saudi Arabia
Vietnam
Brazil
Romania
Threat actors are increasingly targeting the B2B sector, using initial crypto-miner infections as a gateway for more harmful attacks like backdoors and keyloggers.
To defend against these evolving threats, businesses must continuously enhance their security measures.