    From TechnologyDaily@1337:1/100 to All on Tuesday, November 05, 2024 12:45:05
    Dangerous new phishing campaign infects Windows devices with malicious Linux VM

    Date:
    Tue, 05 Nov 2024 12:42:25 +0000

    Description:
    Hackers found new ways to avoid triggering AV solutions while fiddling with people's PCs.

    FULL STORY ======================================================================
    - A phishing attack leads to the download of a large file
    - The Linux VM comes preloaded with malware, granting crooks all kinds of advantages
    - Securonix advises caution when handling inbound emails

    A creative new phishing technique has been spotted that looks to trick victims into downloading and installing a virtual Linux machine on their Windows endpoints. The virtual machine comes preloaded with a backdoor, granting the crooks unabated access to the compromised devices.

    A report from cybersecurity researchers Securonix dubbed the campaign CRON#TRAP. It starts with a fake OneAmerica survey which distributes the VM installation file (285 MB), and a fake error popup image.

    If the victims fall for the trick and trigger the installer, it will run in the background, while showing the fake error message in the front. That way, the victims will think that the survey was unavailable at the time. In the background, though, a fully legit version of a Linux VM, called TinyCore, will be installed via QEMU, a legitimate, open-source virtualization tool that allows for emulating various hardware and processor architectures.

    Tricking the AV

    Since QEMU is legitimate, no antivirus programs flag it as malicious. Furthermore, they will not flag anything that happens in the virtual machine, since it is walled in and operates as a sandbox. This emulated Linux environment enables the attacker to operate outside the visibility of traditional antivirus solutions, the researchers explained.
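    Because the guest is opaque to host antivirus, the QEMU launch itself is what a defender can still observe. The following is an added example, not code from Securonix or the article, of a simple heuristic over constructed process-creation events that flags QEMU started from a user-writable directory or with its display hidden; the paths, directory names and event format are assumptions.

```python
import re

# Constructed sample process-creation events (not taken from the report). Each holds the
# executable path and the full command line, as a Sysmon or EDR event would supply them.
SAMPLE_EVENTS = [
    {"image": r"C:\Program Files\qemu\qemu-system-x86_64.exe",
     "cmdline": r'"C:\Program Files\qemu\qemu-system-x86_64.exe" -m 2048 -hda dev.qcow2'},
    {"image": r"C:\Users\alice\AppData\Local\Temp\survey\qemu-system-x86_64.exe",
     "cmdline": r"qemu-system-x86_64.exe -m 1024 -display none -hda tinycore.qcow2"},
    {"image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe"},
]

# Any QEMU system emulator binary, e.g. qemu-system-x86_64.exe.
QEMU_BINARY = re.compile(r"(^|\\)qemu-system-[a-z0-9_]+(\.exe)?$", re.I)
# Directories an ordinary user can write to: a phishing-delivered installer drops its
# files here, whereas an administrator-installed QEMU normally sits under Program Files.
USER_WRITABLE = re.compile(r"^[a-z]:\\(users\\[^\\]+\\|programdata\\|windows\\temp\\)", re.I)
# Standard QEMU switches that suppress the guest window; a victim is not meant to see the VM.
HEADLESS = re.compile(r"(^|\s)(-display\s+none|-nographic)(\s|$)", re.I)


def classify(event):
    """Return None for events that are not QEMU launches, otherwise a severity string."""
    image = event["image"]
    if not QEMU_BINARY.search(image):
        return None
    from_user_dir = bool(USER_WRITABLE.match(image))
    headless = bool(HEADLESS.search(event["cmdline"]))
    if from_user_dir and headless:
        return "high"      # hidden VM started from a drop location: matches the CRON#TRAP pattern
    if from_user_dir or headless:
        return "medium"    # one indicator alone, worth a look but common in dev use
    return "info"          # visible QEMU from its normal install path: likely legitimate


def scan(events):
    """Pair every QEMU launch with its severity; non-QEMU events are skipped."""
    return [(e["image"], sev) for e in events if (sev := classify(e))]


if __name__ == "__main__":
    for path, severity in scan(SAMPLE_EVENTS):
        print(f"{severity:6} {path}")
```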

    However, since the VM comes with a backdoor, crooks can use it for a number of things, including network testing and initial reconnaissance, tool installation and preparation, payload manipulation and execution, configuration persistence and privilege escalation, SSH key manipulation for remote access, file and environment management, system and user enumeration, and potential exfiltration or command control channels.

    The backdoor was said to contain a tool called Chisel, which is a network tunneling program, pre-configured to set up a secure communications channel with the C2 server.

    Since the campaign starts with a simple phishing email, Securonix advises care when handling inbound emails.

    Via BleepingComputer

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/dangerous-new-phishing-campaign-infects-windows-devices-with-malicious-linux-vm


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)