Thursday, June 13, 2024

New Malware Campaign Trick Victims as an Adobe Flash Player Installers

Security researchers from ESET identified the sophisticated hacker group Turla added new malware to its arsenal. It attempts victims to install the backdoor via fake Flash installers.

The campaign is primarily targetting embassies and consulates in the post-Soviet states. Turla cyberespionage group using this attack method starting from July 2016, the new tool have same similarities associated with the previous malware distributed by the group.

Not only does the gang now bundle its backdoors together with a legitimate Flash Player installer but, compounding things further, it ensures that URLs and the IP addresses it uses appear to correspond to Adobe’s legitimate infrastructure.ESET said.

Possible attack vector will be the Man-in-the-Middle (MitM), attackers might compromise the companies network gateway to intercept and redirect the traffic of the targeted machine to a compromised machine.

Also Read 36 Malicious Android Apps Removed From Google Play Store that Mimics as Famous Security Tools

Attackers may intercept the traffic at the ISP level which is evident with FinFisher Spyware, attackers could use Border Gateway Protocol (BGP) hijack to re-route the traffic to a server controlled by Turla.

If victim download and launches the flash player it drops the backdoor possibly Mosquito, a piece of JavaScript to communicate web app hosted to exfiltrate the user’s sensitive data including the unique ID of the compromised machine, the username, and the list of security products installed on the device.

A recent version of Mosquito are highly obfuscated which makes the analysis job difficult, to maintain access the installer tampers registry and also creates an remote access for RDP connection.


Latest articles

CISA Warns of Scammers Impersonating as CISA Employees

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a surge...

Microsoft Windows Ntqueryinformationtoken Flaw Let Attackers Escalate Privileges

Microsoft has disclosed a critical vulnerability identified as CVE-2024-30088.With a CVSS score of 8.8, this flaw affects Microsoft...

256,000+ Publicly Exposed Windows Servers Vulnerable to MSMQ RCE Flaw

Cybersecurity watchdog Shadowserver has identified 256,000+ publicly exposed servers vulnerable to a critical Remote...

Indian National Jailed For Hacked Servers Of Company That Fired Him

An Indian national was sentenced to two years and eight months in jail for...

JetBrains Warns of GitHub Plugin that Exposes Access Tokens

A critical vulnerability (CVE-2024-37051) in the JetBrains GitHub plugin for IntelliJ-based IDEs (2023.1 and...

Critical Flaw In Apple Ecosystems Let Attackers Gain Unauthorized Access

Hackers go for Apple due to its massive user base along with rich customers,...

Hackers Exploiting Linux SSH Services to Deploy Malware

SSH and RDP provide remote access to server machines (Linux and Windows respectively) for...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles