September 2023

BundleBot Malware Hidden in Fake Google AI Chatbot

BundleBot, Facebook Ads, Google AI Chatbot, malware, monitor network, network security, OphtekBundleBot, Facebook Ads, Google AI Chatbox, malware, network, Ophtek, securityOphtek, LLC

Sep 2023

As the popularity of AI apps soars, the latest being Google’s Bard, it’s becoming clearer that threat actors are taking advantage of this popularity.

The latest attack to be launched revolves around BundleBot, a new brand of malware which is as stealthy as it is dangerous. Bundlebot is typically found lurking within Facebook ads that promise to take you to websites containing AI utilities and games. These websites, however, are malicious. Users report that these malicious websites are similar, in terms of design, to Bard, but their main objective is to encourage users to download malicious files, most typically hosted on an external storage site such as Dropbox.

As we become more and more interested in AI, it’s important that we remain on guard against threats such as BundleBox, so let’s take a more in-depth look at what it is.

The Lowdown on BundleBox

Once the malicious file – an RAR archive file often named Google_AI.rar – is downloaded and executed, the BundleBox campaign begins. Within this archive file, is an executable file called GoogleAI.exe which, once activated, retrieves a ZIP file (ADSNEW-1.0.0.3.zip). Once opened, this ZIP file contains a further application by the name of RiotClientServices.exe. This executable is used to fully launch, through the use of a .dll file, the BundleBox attack.

Thanks to junk code being built into Bundlebox’s design, it is able to operate stealthily and away from the attentions of anti-malware software. While it remains hidden, BundleBox utilizes a ‘command and control’ function to steal sensitive data and transmit it to a remote location. The perpetrators behind BundleBox, currently, remain a mystery, but it’s believed they are from Vietnam, due to similar Vietnamese-based attacks being launched through Facebook in recent months.

Staying Safe from BundleBox and Similar Threats

There is no definitive solution to a BundleBox infection at present, but there are plenty of ways you can protect your PCs from falling victim. Make sure that your organization enforces the following:

Be wary of attractive ads: you should always be wary of what adverts are promising, but this is doubly true for online adverts. With little information being publicly available regarding the creator of a Facebook ad, you are always taking a risk when you click on one. The claim at the heart of the ad may sound enticing, but you have to remember that this is the simplest way to get people to click it. Therefore, if something sounds too good to be true, such as expensive software offered for free, then it most likely is too good to be true.
Check your network activity: Monitoring network activity is crucial when it comes to identifying the presence of malware activity. By analyzing incoming and outgoing data packets, abnormal patterns and suspicious connections can be spotted, indicating potential malware activity. Sudden spikes in data traffic or unauthorized access attempts should be read as clear warning signs that an immediate investigation is required. Additionally, network monitoring also detects unusual data transfers and command-and-control communication.

For more ways to secure and optimize your business technology, contact your local IT professionals.

State-sponsored hacking remains a serious problem for PC users around the world, and the latest headline grabber – with links to North Korea – is EarlyRAT.

A remote access trojan (RAT) is nothing new in the world of cybercrime, with the earliest examples believed to have been released in the late 1980s. However, their impact has grown significantly over the last 30 years, and this means they need to be taken seriously. There’s a culture of evolution in the world of hacking and, as a result, new RATs are always more powerful than the previous generation. And that’s why the emergence of EarlyRAT has got so many IT professionals concerned.

What is a Remote Access Trojan?

You may not be familiar with the ins and outs of a RAT, so we’re going to take a second to explain what they are and why they are so dangerous. A RAT is a malicious software program designed to provide unauthorized remote access and control over a targeted PC. They tend to be disguised as genuine files – this is why RATs are often distributed through phishing emails – but are nothing short of digital chaos.

Once installed, a RAT allows attackers to gain control of the victim’s computer, and this is all carried out remotely. This allows the threat actors to steal sensitive information, monitor user activity, execute commands, and even activate the webcam or microphone to carry out surveillance. All of these dangers put the victim at risk of data theft and further cyber-attacks.

How Does EarlyRAT Work?

EarlyRAT was first detected by security experts at Kaspersky, who were analyzing a hacking campaign from 2022. The attack was made possible due to a flaw discovered in Log4j, a Java library used to log error messages generated by applications. This vulnerability was exploited by the Andariel hacking group, a team believed to be sponsored by North Korea. Once Log4j had been compromised, Andariel was able to download malware to the victims’ PCs.

Part of this initial attack also included a phishing campaign, and it was here that EarlyRAT was first detected. Phishing documents, once activated, would download EarlyRAT from servers well known for having connections to threat actors. EarlyRAT’s first objective was to start logging system information and, after this, it would begin downloading additional malware, affecting the productivity of infected machines and stealing user credentials.

Keeping Safe from EarlyRAT

It’s important that you protect your IT infrastructure and your data, so staying one step ahead of threats like EarlyRAT is vital. To achieve this, make sure you always practice the following:

Install ALL updates: EarlyRAT’s campaign is a fine example of why installing updates is essential. All it takes is one vulnerability for malware to spread through an IT system and steal huge amounts of data. Therefore, plugging any holes in your defenses should be a priority. And installing updates as soon as possible is the best way to achieve this.

Educate your staff: phishing campaigns, as EarlyRAT has demonstrated, can cause you a severe IT headache. With this in mind, it’s crucial that your staff are well educated on the dangers posed by phishing emails. If your employees can take that important step of stopping and thinking before opening an email, they could save your IT system significant down time.

Identify malicious websites: a large number of RATs are located on malicious websites, so it’s important that you know how to spot one of these. With this knowledge at your disposal, you will be able to not only identify a malicious website, but you’ll be able to realize a link is malicious before you even click it.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Security Experts Targeted by Malware on GitHub

GitHub, Hackers, install updates, malicious websites, malware, Ophtek, POC, proof of conceptGitHub, hackers, malware, Ophtek, POC, security, updates, vulnerabilityOphtek, LLC

Sep 2023

It’s always important to be cautious online, but it’s easy for people to fall victim to malware. Even security experts can fall for the tricks of hackers.

Yes, even those skilled and highly experienced security researchers can find themselves on the receiving end of malware. The most recent piece of evidence for this phenomena is an attack which is as brazen as it is powerful. It revolves around a piece of bait left, by threat actors, on GitHub, an online repository for developers to store and share their code. And it was a piece of code, disguised as a highly tempting piece of software for a security expert, which led to many of these professionals being left embarrassed.

How Were the Experts Fooled?

The GitHub attack involved a piece of software being made available which claimed to be a proof-of-concept (POC). Typically, a POC is a demonstration of a software project, and is used to determine how feasible the project is and the potential of its long-term success. For a security researcher, a POC is a useful way to test for security vulnerabilities, and this is why they are frequently downloaded and analyzed.

However, this specific ‘POC’ proved to be little more than malware in disguise. Within the fake POC structure was a malware downloader, which was used to download malware and set off a chain of malicious events. Once the malware was downloaded, it began by executing a Linux script to automate specific commands. This allowed the threat actors to start stealing data, which was automatically downloaded to a remote location, by scraping the entire directory of the infected PC.

The fake POC also allowed the threat actors to gain full access to any of the infected systems. This was achieved by adding their secure shell (a protocol for operating network services) to the authorized keys file on the infected system. All of this was made possible, for the threat actors, due to a vulnerability – known as CVE-2023-35829 – discovered in the Linux operating system, an OS usually used by software developers.

Avoid the Mistakes of the Experts

You may be thinking that, if a security expert can fall victim to malware, what hope do you have in the face of targeted attacks? However, as we know, nobody is 100% immune from the efforts of threat actors, and this includes security researchers. As ever, vigilance is key to maintaining the security of your IT infrastructure:

Always update: the surest way to minimize the risk of your PC being infected is to always install updates. No piece of software, due to the sheer amount of coding involved, is going to be free from mistakes. However, developers are keen to patch these mistakes as soon as they are aware of them, hence the issuing of security patches. Therefore, it makes sense to install these as soon as they are available.

Be wary of malicious websites: while GitHub is far from malicious, the people using it often are. This means you should always do some research on what you’re downloading and who you’re downloading it from. So, for example, try Googling the username of whoever is offering you a download, and see whether there are any trustworthy results or otherwise. Alternatively, ask an IT professional to take a look and assess the risk – contrary to the GitHub attack, they can usually spot malware from a mile away.

For more ways to secure and optimize your business technology, contact your local IT professionals.

How to Future Proof Your IT Infrastructure in 2023

Cloud, future, new technology, Ophtek, proof your IT infrastructure, security, virtualizationcloud, future, IT Infrastructure, new tech, Ophtek, proof, security, virtualizationOphtek, LLC

Sep 2023

Technology advances at a rapid pace, and this means you need to build scalability into your IT infrastructure to maintain future productivity.

Businesses need to future proof their IT infrastructure to ensure long-term success and sustainability. After all, technology is constantly evolving, and failing to adapt can result in outdated systems which hinder growth, productivity, and competitiveness. But if you adopt a culture of future proofing, you can minimize this risk by using new technology to enhance scalability and maximize your productivity. Implementing scalability, however, is easier said than done. And that’s why we’ve decided to give you a head start with some suggestions.

The Best Future Proofing Methods for Success

If you want to make sure that your IT infrastructure remains relevant and keeps one eye on the future, make sure you adopt these best practices for future proofing:

Use the cloud: one of the simplest ways to future proof your IT operations is by adopting cloud-based solutions. With a wide range of providers and plans available, you can use cloud-based platforms to take care of your storage, software, and infrastructure. Best of all, these services can easily be upgraded to cope with future demand, this makes cloud computing the epitome of scalability and reduces the risk of your in-house hardware becoming obsolete.

Invest for the future: while it may make financial sense, in the short term, investing in low quality IT hardware will only ever provide a short term solution. You see, given how fast technology evolves, if you buy IT equipment at the cheaper end of the market, its performance levels will soon be superseded by newer technology. Therefore, while remaining financially sensible, make sure you invest in the best technology you can afford to increase its lifespan and suitability for your needs.
Virtualization: this creates virtual versions of resources and allows your business to optimize your equipment and reduce costs. Virtualization optimizes your resources by consolidating multiple virtual machines onto a single server, this approach will reduce costs and enhance efficiency. It also helps to future proof your IT infrastructure as it allows you to scale resources up or down quickly based on demand. So, not only is your system flexible and scalable, but it also provides a strong foundation for your IT infrastructure going forwards.
Watch technology: if you want to future proof your businesses IT operations, then it’s crucial that you keep an eye on what’s happening in the world of technology. This will ensure that you are aware of innovative opportunities for growth within your business. More importantly, it will give you time to plan and implement these innovations early on compared to your competitors. This will give you not only a competitive edge, but it will also allow you to anticipate changes in customer behavior.
Strengthen your security: cyber criminals are constantly updating their methods of attack, so you need to keep pace with them to secure your IT infrastructure. Accordingly, always make sure that your antivirus software is up to date and that your employees are educated about upcoming, as well as contemporary, threats. These simple steps will help facilitate the future security of your IT systems.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Monthly Archives: September 2023