Tuesday, December 3, 2024
HomeHacksAsk.com Toolbar Compromised Twice in 2 Months , Second Attack Installed RAT

Ask.com Toolbar Compromised Twice in 2 Months , Second Attack Installed RAT

Published on

SIEM as a Service

Ask Partner Network (APN) has been compromised twice within 2 month since 2016 November. Researcher’s Discovered deliver malware to computers running the Ask.com Toolbar.

First Attack took place at the November Reported by Red Canary security and discovered that Ask’s software was being co-opted by a malicious actor to execute malicious software on victims’ endpoints.

Once installed, the dropper would bring in secondary malware including banking Trojans and other online-fraud.

- Advertisement - SIEM as a Service

Attackers who were trying to turn the Ask.com Toolbar into a malware dispensary got caught early on when their scheme was picked up by security services that were looking for anomalies.

Second Attack initiate RAT in victim’s PC

Carbon Black Detected and Reported that attackers used this RAT to open a reverse command shell on the victim’s computer. All of this happened in 60 seconds after the delivery of the malicious update.

“Carbon Black Threat Research team confirmed this to be a continuation of the earlier activity, and indicative of a sophisticated adversary based on the control of a widely used update mechanism to deliver targeted attacks using signed updates containing malicious content.”

Second Attack Detected that originated from the APN Updater using malware signed with the certificate issued .

Less Than 60 Seconds to Gain Access

Carbon Black Reported that ,We have warned about the dangers of Potentially Unwanted Programs and Applications (PUP/PUA) several times but this breach provides direct evidence that a threat actor is making use of PUPs and their infrastructure for more targeted and highly malicious activities.

“Within one minute of gaining access to the target endpoint the attacker had launched a remote command shell and within 45 minutes “ of initial access they had captured credentials and were moving laterally in the network.

The RAT utilized as a part of this second assault was marked by the APN testament issued after the primary Attack, which in all likelihood implies the assailants kept up an a dependable balance on APN’s system after designers cleaned servers after the principal Attack.

Also Read :

Latest articles

PEFT-As-An-Attack, Jailbreaking Language Models For Malicious Prompts

Federated Parameter-Efficient Fine-Tuning (FedPEFT) is a technique that combines parameter-efficient fine-tuning (PEFT) with federated...

Hackers Cloning Websites, Exploiting RCE Flaws To Gain Access To Shopping Platforms

Cybercriminals are leveraging AI-powered phishing attacks, website cloning tools, and RCE exploits to target...

Hackers Exploited Windows Event Logs Tool log Manipulation, And Data Exfiltration

wevtutil.exe, a Windows Event Log management tool, can be abused for LOLBAS attacks. By...

Threat Actors Allegedly Claims Breach of EazyDiner Reservation Platform

Reports have emerged of a potential data breach involving EazyDiner, a leading restaurant reservation...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

PEFT-As-An-Attack, Jailbreaking Language Models For Malicious Prompts

Federated Parameter-Efficient Fine-Tuning (FedPEFT) is a technique that combines parameter-efficient fine-tuning (PEFT) with federated...

Hackers Cloning Websites, Exploiting RCE Flaws To Gain Access To Shopping Platforms

Cybercriminals are leveraging AI-powered phishing attacks, website cloning tools, and RCE exploits to target...

ElizaRAT Exploits Google, Telegram, & Slack Services For C2 Communications

APT36, a Pakistani cyber-espionage group, has recently upgraded its arsenal with ElizaRAT, a sophisticated...