Thursday, March 28, 2024

Ask.com Toolbar Compromised Twice in 2 Months , Second Attack Installed RAT

Ask Partner Network (APN) has been compromised twice within 2 month since 2016 November. Researcher’s Discovered deliver malware to computers running the Ask.com Toolbar.

First Attack took place at the November Reported by Red Canary security and discovered that Ask’s software was being co-opted by a malicious actor to execute malicious software on victims’ endpoints.

Once installed, the dropper would bring in secondary malware including banking Trojans and other online-fraud.

Attackers who were trying to turn the Ask.com Toolbar into a malware dispensary got caught early on when their scheme was picked up by security services that were looking for anomalies.

Second Attack initiate RAT in victim’s PC

Carbon Black Detected and Reported that attackers used this RAT to open a reverse command shell on the victim’s computer. All of this happened in 60 seconds after the delivery of the malicious update.

“Carbon Black Threat Research team confirmed this to be a continuation of the earlier activity, and indicative of a sophisticated adversary based on the control of a widely used update mechanism to deliver targeted attacks using signed updates containing malicious content.”

Second Attack Detected that originated from the APN Updater using malware signed with the certificate issued .

Less Than 60 Seconds to Gain Access

Carbon Black Reported that ,We have warned about the dangers of Potentially Unwanted Programs and Applications (PUP/PUA) several times but this breach provides direct evidence that a threat actor is making use of PUPs and their infrastructure for more targeted and highly malicious activities.

“Within one minute of gaining access to the target endpoint the attacker had launched a remote command shell and within 45 minutes “ of initial access they had captured credentials and were moving laterally in the network.

The RAT utilized as a part of this second assault was marked by the APN testament issued after the primary Attack, which in all likelihood implies the assailants kept up an a dependable balance on APN’s system after designers cleaned servers after the principal Attack.

Also Read :

Website

Latest articles

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across...

Chinese Hackers Attacking Southeast Asian Nations With Malware Packages

Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two...

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles