Disk Wiping Malware Disguises itself as Ransomware

Apostle, Cyber Security, malware, Ophtek, Ransomware, Updates, , , ,
08
Jun 2021

Ransomware is a highly destructive form of malware, but it turns out that it can also provide the perfect cover for disk wiping malware.

The pitfalls of becoming a victim of ransomware are well documented. And, as such, the term ransomware is one that strikes fear into the heart of any PC user. But, at the very least, ransomware does give you an option of getting your files back. Naturally, you have to pay a ransom fee for the files to be decrypted, but you can get them back. However, a form of malware called Apostle has now been discovered which pretends to be ransomware when, in fact, it simply wipes your disk drive beyond retrieval.

Data is a crucial commodity in any organization, so it’s important you make it as secure as possible. And one of the perfect ways to do this is by understanding how Apostle works.

How Does Apostle Wipe Disks?

The Apostle malware is believed to originate from Iran and is related to a previous wiper malware called Deadwood. Apostle is not brand new as it has been in the digital wild for some time. But these initial versions of Apostle were flawed and failed to deliver their malicious payload. Since then, the designers of Apostle have tweaked its design to make it more effective. This contemporary version of Apostle presents itself as standard ransomware, but this is merely to throw the victims off guard; its true intent is to destroy data and cause disruption.

The hackers behind Apostle are particularly cunning and are also happy to take ransom payments while destroying the data in question. But this is not where the attack ends. There are signs that Apostle is being used in conjunction with a backdoor attack called IPSec Helper. This allows the hackers to download and execute additional malware and move, undetected, within infected networks. Again, the intention here is to cause disruption.

How Do You Stop Your Disk Being Wiped?

The focus of Apostle, so far, has been Israeli targets, but this does not mean it should be considered a low-level threat. The design of this disk wiper malware can easily be engineered into more virulent and dangerous forms. And this could easily strike at the heart of your business’ operations. Therefore, it’s crucial that you maintain the following practices:

  • Evaluate All Attachments Before Opening: It’s likely that you receive numerous email attachments through the day, but how often do you verify them before opening? Trusted email addresses can, very easily, be taken over or even replicated. And this provides the perfect route for infected files to be opened. So, if in doubt over whether an attachment is safe, always check with an IT professional before opening.
  • Keep Your Software Updated: Another sure-fire way for hackers to gain access to your network is through vulnerabilities caused by outdated software. The best way to counter this threat is by implementing software updates as soon as possible. This minimizes the presence of vulnerabilities and keeps hackers out.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Hackers Use Microsoft Platform to Launch Malware Attacks

data harvest, Hackers, malware, MSBuild, Ophtek, redline stealer, , , ,
01
Jun 2021

Hackers are innovative and industrious individuals, a description which is best demonstrated by their recent leverage of MSBuild to deliver malware.

The Microsoft Build Engine (MSBuild) is an open-source platform which allows software developers to test and compile their source codes. Operational since 2003, the platform has proved to be highly popular with developers and, accordingly, supports a large number of users. And it’s this popularity which has made it so attractive to hackers. By targeting these source codes at a development stage, the hackers are able to piggyback their malicious software into genuine software.

While your organization may not be involved in software development, there’s always the risk that you could end up working with software which is pre-loaded with malware. Therefore, we’re going to take a look at this MSBuild hack.

How are Hackers Infecting MSBuild?

Project files housed within MSBuild can be integrated within executable files which allow the hackers to launch their malicious payloads. But, as ever, hackers have been keen to remain stealthy; the infected payload does not run as a file. Instead, the malicious code is loaded into the PCs memory and it is here that the attack is launched. So far, it has been established that at least three forms of malware have been injected into systems via this approach. Redline Stealer, Remcos and QuasarRAT are the most recognisable forms of malware and have the potential to cause great damage.

Redline Stealer is primarily used as a data harvester and, as such, is mostly employed to steal login credentials and sensitive data. Remote access and surveillance, meanwhile, is the heartbeat of Remcos and allows hackers to hijack PCs remotely. Finally, QuasarRAT is another remote access tool and one which grants hackers full control of infected PCs. Naturally, these three malware variants are the last things you want on your system. And, given that they run filelessly and in the memory of a PC, it’s a threat which is difficult to tackle.

Protecting Yourself Against Memory Based Malware

Malware which operates from within the memory of your PC is difficult to tackle, but not impossible. Start by making sure you carry out these best security practices:

  • Monitor Network Activity: Regardless of whether a malware attack is file-based or fileless, there will be noticeable changes in your network activity. Any unusual spikes in data transfer or transmissions to unusual destinations should be investigated immediately.

Unfortunately, not all antivirus software can detect fileless malware such as that involved with the MSBuild hack. Conventional, file-based malware leaves behind digital footprints which are easy to detect, but this is not the case with fileless variants. In order to fully protect yourself, check with vendors whether their software has the capability to combat fileless malware.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Fake Clubhouse Ads on Facebook Were Packed with Malware

Ad-Blocker, Antivirus, Facebook Clubhouse, Fake Ads, malware, Ophtek, , , , ,
27
Apr 2021

Clubhouse is a social media app which is currently only available on Apple devices. But this hasn’t stopped hackers using it to exploit PC users.

The success of Clubhouse since its launch in April 2020 has ensured that it has grabbed numerous headlines. And everyone is keen to have a taste of the Clubhouse experience where audio content is king. But this is not yet an option for PC users. Nonetheless, the interest generated by Clubhouse means that the app has brought it to the attention of the hacking community. Using all their cunning and guile, these hackers have decided to use Clubhouse as a front for infecting PCs with malware. And they have been meeting this objective by running fake ads on Facebook.

Facebook currently has around 2.8 billion regular users, so the potential for success with this attack is large. Therefore, you need to be aware of what to look out for.

Fake Ads on Facebook

The promise of these fake ads on Facebook were simple: a Clubhouse app is now available for PCs, so get it now. It was an announcement which caught the eye of many PC users. But, unfortunately, there was no Clubhouse app for the PC. Instead, clicking the ad would take the user to a malicious website pretending to be an official Clubhouse page. On this page there was a download link for an app, but it was not Clubhouse; there would be no opportunity for social media activities on the malicious app. Once it was opened it would connect the victim to a remote server which then proceeded to download malware (including ransomware) on to the PC.

Combatting Fake Ads

Malvertising has been a common hacking strategy for some time now, but it is not one that many people are familiar with. And, given the size and scale of Facebook, it is surprising that their platform is open to such abuse. However, it is this size which makes it such an attractive proposition to hackers. If just 0.5% of Facebook’s audience fall for a scam then it’s a significant hit. Thankfully, this Clubhouse scam appeared to deactivate as soon as it was discovered. The malicious app no longer connects to a remote server and now only returns an error message. But it’s important that you know what you’re clicking on when you’re online.

In an ideal world, Facebook would fully vet every single advert submitted to its system. But this is impossible due to the sheer numbers involved. And, besides, they can easily be adjusted after being accepted on the platform. Therefore, it pays to carry out these best practices:

  • Verify Ad Destinations: Depending on which browser you use, you should be able to view where an ad will send you before clicking on it. Often, hovering over it is enough to display the destination within your browser. Alternatively, you can right hand click an ad and select “Copy link address” before pasting it into a program such as Notepad. If there is something suspicious about this link – such as a name which doesn’t match the promised destination – then don’t click the advert.
  • Run Antivirus Software: It’s crucial that you install antivirus software on your PC, particularly one that runs in real-time. These apps may not stop you clicking on infected adverts, but they can identify infected software. Accordingly, the malicious Clubhouse app would be detected and immediately quarantined.
  • Use an Ad-Blocker: An ad-blocker will block all the ads on a webpage, so this completely eliminates the risk of clicking on a malicious ad. This may sound perfect, but bear in mind that some websites may not run properly when an ad-blocker is used. In fact, many websites may not allow you to gain access to their content as a result. Luckily, websites that you trust can be listed as exceptions within the software.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

What’s a Keylogger? And How Do You Beat One?

anti malware, Cyber Security, keylogger, malware, Ophtek, spyware, , , ,
30
Mar 2021

One of the simplest forms of spyware you can run into is a keylogger. Capable of stealing large amounts of data, a keylogger is simple yet dangerous.

In the world of cyber-security, keyloggers are a frequently mentioned hacking device. But what exactly are they? And what should you do if you fall victim to one? These are important questions as keyloggers can cause immense damage. The main interest of a keylogger is data. In particular, keyloggers have an intense hunger for personal data. Login credentials, banking details and social security information are all at risk. Therefore, it’s critical that you know what a keylogger is, how it works and how to protect yourself.

Luckily, we’ve put together a quick guide to give you the lowdown on keyloggers.

A Beginner’s Guide to Keyloggers

As we have established, keyloggers thrive upon harvesting data from their victims. The simplest way that a keylogger can do this is by monitoring and recording the keystrokes that are made on an infected PC. The software behind a keylogger is simple and can quickly be installed on a PC either manually, through an infected website or as part of a malware package. Once it’s installed, the keylogger will work silently in the background as it records data. The harvested data will then be routinely transmitted to a remote server.

A keylogger can quickly harvest data that puts both organizations and their customers at risk. Not only can personal details be stolen and used for criminal means, but financial accounts can also be compromised. Almost all modern malware will contain some form of keylogger; this is unlikely to change while users continue to use their keyboards to enter data into PCs. But you don’t need to fear keyloggers. As long as you know how to protect your PC then you should be able to benefit from peace of mind.

Beating Keyloggers

It’s impossible to provide 100% protection against keyloggers, but it’s possible to strengthen your defenses to their maximum. And you can do this by carrying out the following:

  • Two-Factor Authentication: One of the best methods for thwarting hackers is by using two-factor authentication. Organizations can easily generate unique authorization codes that are forwarded to an individual’s phone/personal device. These one-off codes ensure that employees can gain access to their network, but, even if this code is harvested, it is useless.
  • Monitor Network Activity: A keylogger will need to contact its remote server to transmit its stolen data. But, to do this, it will need to leave your network. And this network activity can easily be monitored at your end. Any unusual traffic or external destinations should be investigated immediately and blocked if any malicious activity is suspected.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

CopperStealer Malware Shows the Dangers of Illegal Downloads

CopperStealer, Cyber Security, Data Security, Illegal Downloads, malware, Ophtek, , , ,
23
Mar 2021

The world of illegal downloads is a dangerous place to travel to and the emergence of the CopperStealer malware demonstrates why.

Ever since the dawn of the world wide web, there have been illegal downloads. And pretty much anything that runs on a PC can be downloaded illegally. The new Kings of Leon album, the latest Marvel movie or even the most up-to-date version of Microsoft Office can be found online for zero dollars and zero cents. However, the fact that these downloads are illegal means that, aside from the fact that you’re committing a felony, you could download more than you bargained for.

CopperStealer is the perfect example of this dangerous activity, so we’re going to show you exactly what can happen.

What is CopperStealer?

The CopperStealer malware is believed to have been active in the wild since 2019, but its malicious activity has only just been detected. CopperStealer relies on illegal downloads to infect workstations and does this by either masquerading itself as, for example, a Windows 10 install file or by bundling itself with a genuine piece of software. Either way, when the person downloading the file tries to install their illegal software, they will inadvertently install CopperStealer on their system. This allows the malware easy access to PCs and does it with the help of the unwitting victim.

Once CopperStealer has taken hold on a PC it begins working quietly in the background as it harvests user information. In particular, it’s exceptionally hungry for login credentials; details for major platforms such as Amazon, Google, PayPal and Twitter have all been targeted by CopperStealer. These are all websites that are used by organizations to store huge amounts of personal data, so the threat that CopperStealer represents is serious. As well as this major threat, CopperStealer also finds time to download additional malware in order to compromise infected systems even further.

How To Protect Yourself from CopperStealer

There is one simple move you can make to defend yourself against CopperStealer: don’t get involved with illegal downloads. Not only is there the threat of unwanted malware being bundled with them, but you risk installing unpatched software without the safety net of available support. Thankfully, CopperStealer is far from sophisticated, certainly compared to other contemporary malware, and can easily be removed with anti-malware software such as AVG and Kaspersky products. Naturally, you will want to make sure that your anti-malware application is fully up to date to protect against all the latest threats.

Final Thoughts

The temptation of illegal downloads, especially when we are living in a time of economic turbulence, is strong, but it pays to resist it. If, for example, your PayPal credentials are stolen then you and your customers could face some significant financial hardship. Therefore, it’s crucial that you always pay for your software. This will, as discussed, ensure you receive regular updates and patches as well as providing you with peace of mind that your software is clean.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More
1 12 13 14 15 16 21