Thursday, March 28, 2024

Ask.com Toolbar Compromised Twice in 2 Months , Second Attack Installed RAT

Ask Partner Network (APN) has been compromised twice within 2 month since 2016 November. Researcher’s Discovered deliver malware to computers running the Ask.com Toolbar.

First Attack took place at the November Reported by Red Canary security and discovered that Ask’s software was being co-opted by a malicious actor to execute malicious software on victims’ endpoints.

Once installed, the dropper would bring in secondary malware including banking Trojans and other online-fraud.

Attackers who were trying to turn the Ask.com Toolbar into a malware dispensary got caught early on when their scheme was picked up by security services that were looking for anomalies.

Second Attack initiate RAT in victim’s PC

Carbon Black Detected and Reported that attackers used this RAT to open a reverse command shell on the victim’s computer. All of this happened in 60 seconds after the delivery of the malicious update.

“Carbon Black Threat Research team confirmed this to be a continuation of the earlier activity, and indicative of a sophisticated adversary based on the control of a widely used update mechanism to deliver targeted attacks using signed updates containing malicious content.”

Second Attack Detected that originated from the APN Updater using malware signed with the certificate issued .

Less Than 60 Seconds to Gain Access

Carbon Black Reported that ,We have warned about the dangers of Potentially Unwanted Programs and Applications (PUP/PUA) several times but this breach provides direct evidence that a threat actor is making use of PUPs and their infrastructure for more targeted and highly malicious activities.

“Within one minute of gaining access to the target endpoint the attacker had launched a remote command shell and within 45 minutes “ of initial access they had captured credentials and were moving laterally in the network.

The RAT utilized as a part of this second assault was marked by the APN testament issued after the primary Attack, which in all likelihood implies the assailants kept up an a dependable balance on APN’s system after designers cleaned servers after the principal Attack.

Also Read :

Website

Latest articles

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across...

Chinese Hackers Attacking Southeast Asian Nations With Malware Packages

Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two...

CISA Warns of Hackers Exploiting Microsoft SharePoint Server Vulnerability

Cybersecurity and Infrastructure Security Agency (CISA) has warned about a critical vulnerability in Microsoft...

Microsoft Expands Edge Bounty Program to Include WebView2!

Microsoft announced that Microsoft Edge WebView2 eligibility and specific out-of-scope information are now included...

Beware of Free Android VPN Apps that Turn Your Device into Proxies

Cybersecurity experts have uncovered a cluster of Android VPN applications that covertly transform user...

ZENHAMMER – First Rowhammer Attack Impacting Zen-based AMD Platforms

Despite AMD's growing market share with Zen CPUs, Rowhammer attacks were absent due to...

Airbus to Acquire INFODAS to Strengthen its Cybersecurity Portfolio

Airbus Defence and Space plans to acquire INFODAS, a leading cybersecurity and IT solutions...

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles