Hackers Use Microsoft Platform to Launch Malware Attacks

data harvest, Hackers, malware, MSBuild, Ophtek, redline stealer, , , ,
01
Jun 2021

Hackers are innovative and industrious individuals, a description which is best demonstrated by their recent leverage of MSBuild to deliver malware.

The Microsoft Build Engine (MSBuild) is an open-source platform which allows software developers to test and compile their source codes. Operational since 2003, the platform has proved to be highly popular with developers and, accordingly, supports a large number of users. And it’s this popularity which has made it so attractive to hackers. By targeting these source codes at a development stage, the hackers are able to piggyback their malicious software into genuine software.

While your organization may not be involved in software development, there’s always the risk that you could end up working with software which is pre-loaded with malware. Therefore, we’re going to take a look at this MSBuild hack.

How are Hackers Infecting MSBuild?

Project files housed within MSBuild can be integrated within executable files which allow the hackers to launch their malicious payloads. But, as ever, hackers have been keen to remain stealthy; the infected payload does not run as a file. Instead, the malicious code is loaded into the PCs memory and it is here that the attack is launched. So far, it has been established that at least three forms of malware have been injected into systems via this approach. Redline Stealer, Remcos and QuasarRAT are the most recognisable forms of malware and have the potential to cause great damage.

Redline Stealer is primarily used as a data harvester and, as such, is mostly employed to steal login credentials and sensitive data. Remote access and surveillance, meanwhile, is the heartbeat of Remcos and allows hackers to hijack PCs remotely. Finally, QuasarRAT is another remote access tool and one which grants hackers full control of infected PCs. Naturally, these three malware variants are the last things you want on your system. And, given that they run filelessly and in the memory of a PC, it’s a threat which is difficult to tackle.

Protecting Yourself Against Memory Based Malware

Malware which operates from within the memory of your PC is difficult to tackle, but not impossible. Start by making sure you carry out these best security practices:

  • Monitor Network Activity: Regardless of whether a malware attack is file-based or fileless, there will be noticeable changes in your network activity. Any unusual spikes in data transfer or transmissions to unusual destinations should be investigated immediately.

Unfortunately, not all antivirus software can detect fileless malware such as that involved with the MSBuild hack. Conventional, file-based malware leaves behind digital footprints which are easy to detect, but this is not the case with fileless variants. In order to fully protect yourself, check with vendors whether their software has the capability to combat fileless malware.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Fake Clubhouse Ads on Facebook Were Packed with Malware

Ad-Blocker, Antivirus, Facebook Clubhouse, Fake Ads, malware, Ophtek, , , , ,
27
Apr 2021

Clubhouse is a social media app which is currently only available on Apple devices. But this hasn’t stopped hackers using it to exploit PC users.

The success of Clubhouse since its launch in April 2020 has ensured that it has grabbed numerous headlines. And everyone is keen to have a taste of the Clubhouse experience where audio content is king. But this is not yet an option for PC users. Nonetheless, the interest generated by Clubhouse means that the app has brought it to the attention of the hacking community. Using all their cunning and guile, these hackers have decided to use Clubhouse as a front for infecting PCs with malware. And they have been meeting this objective by running fake ads on Facebook.

Facebook currently has around 2.8 billion regular users, so the potential for success with this attack is large. Therefore, you need to be aware of what to look out for.

Fake Ads on Facebook

The promise of these fake ads on Facebook were simple: a Clubhouse app is now available for PCs, so get it now. It was an announcement which caught the eye of many PC users. But, unfortunately, there was no Clubhouse app for the PC. Instead, clicking the ad would take the user to a malicious website pretending to be an official Clubhouse page. On this page there was a download link for an app, but it was not Clubhouse; there would be no opportunity for social media activities on the malicious app. Once it was opened it would connect the victim to a remote server which then proceeded to download malware (including ransomware) on to the PC.

Combatting Fake Ads

Malvertising has been a common hacking strategy for some time now, but it is not one that many people are familiar with. And, given the size and scale of Facebook, it is surprising that their platform is open to such abuse. However, it is this size which makes it such an attractive proposition to hackers. If just 0.5% of Facebook’s audience fall for a scam then it’s a significant hit. Thankfully, this Clubhouse scam appeared to deactivate as soon as it was discovered. The malicious app no longer connects to a remote server and now only returns an error message. But it’s important that you know what you’re clicking on when you’re online.

In an ideal world, Facebook would fully vet every single advert submitted to its system. But this is impossible due to the sheer numbers involved. And, besides, they can easily be adjusted after being accepted on the platform. Therefore, it pays to carry out these best practices:

  • Verify Ad Destinations: Depending on which browser you use, you should be able to view where an ad will send you before clicking on it. Often, hovering over it is enough to display the destination within your browser. Alternatively, you can right hand click an ad and select “Copy link address” before pasting it into a program such as Notepad. If there is something suspicious about this link – such as a name which doesn’t match the promised destination – then don’t click the advert.
  • Run Antivirus Software: It’s crucial that you install antivirus software on your PC, particularly one that runs in real-time. These apps may not stop you clicking on infected adverts, but they can identify infected software. Accordingly, the malicious Clubhouse app would be detected and immediately quarantined.
  • Use an Ad-Blocker: An ad-blocker will block all the ads on a webpage, so this completely eliminates the risk of clicking on a malicious ad. This may sound perfect, but bear in mind that some websites may not run properly when an ad-blocker is used. In fact, many websites may not allow you to gain access to their content as a result. Luckily, websites that you trust can be listed as exceptions within the software.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

What’s a Keylogger? And How Do You Beat One?

anti malware, Cyber Security, keylogger, malware, Ophtek, spyware, , , ,
30
Mar 2021

One of the simplest forms of spyware you can run into is a keylogger. Capable of stealing large amounts of data, a keylogger is simple yet dangerous.

In the world of cyber-security, keyloggers are a frequently mentioned hacking device. But what exactly are they? And what should you do if you fall victim to one? These are important questions as keyloggers can cause immense damage. The main interest of a keylogger is data. In particular, keyloggers have an intense hunger for personal data. Login credentials, banking details and social security information are all at risk. Therefore, it’s critical that you know what a keylogger is, how it works and how to protect yourself.

Luckily, we’ve put together a quick guide to give you the lowdown on keyloggers.

A Beginner’s Guide to Keyloggers

As we have established, keyloggers thrive upon harvesting data from their victims. The simplest way that a keylogger can do this is by monitoring and recording the keystrokes that are made on an infected PC. The software behind a keylogger is simple and can quickly be installed on a PC either manually, through an infected website or as part of a malware package. Once it’s installed, the keylogger will work silently in the background as it records data. The harvested data will then be routinely transmitted to a remote server.

A keylogger can quickly harvest data that puts both organizations and their customers at risk. Not only can personal details be stolen and used for criminal means, but financial accounts can also be compromised. Almost all modern malware will contain some form of keylogger; this is unlikely to change while users continue to use their keyboards to enter data into PCs. But you don’t need to fear keyloggers. As long as you know how to protect your PC then you should be able to benefit from peace of mind.

Beating Keyloggers

It’s impossible to provide 100% protection against keyloggers, but it’s possible to strengthen your defenses to their maximum. And you can do this by carrying out the following:

  • Two-Factor Authentication: One of the best methods for thwarting hackers is by using two-factor authentication. Organizations can easily generate unique authorization codes that are forwarded to an individual’s phone/personal device. These one-off codes ensure that employees can gain access to their network, but, even if this code is harvested, it is useless.
  • Monitor Network Activity: A keylogger will need to contact its remote server to transmit its stolen data. But, to do this, it will need to leave your network. And this network activity can easily be monitored at your end. Any unusual traffic or external destinations should be investigated immediately and blocked if any malicious activity is suspected.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

CopperStealer Malware Shows the Dangers of Illegal Downloads

CopperStealer, Cyber Security, Data Security, Illegal Downloads, malware, Ophtek, , , ,
23
Mar 2021

The world of illegal downloads is a dangerous place to travel to and the emergence of the CopperStealer malware demonstrates why.

Ever since the dawn of the world wide web, there have been illegal downloads. And pretty much anything that runs on a PC can be downloaded illegally. The new Kings of Leon album, the latest Marvel movie or even the most up-to-date version of Microsoft Office can be found online for zero dollars and zero cents. However, the fact that these downloads are illegal means that, aside from the fact that you’re committing a felony, you could download more than you bargained for.

CopperStealer is the perfect example of this dangerous activity, so we’re going to show you exactly what can happen.

What is CopperStealer?

The CopperStealer malware is believed to have been active in the wild since 2019, but its malicious activity has only just been detected. CopperStealer relies on illegal downloads to infect workstations and does this by either masquerading itself as, for example, a Windows 10 install file or by bundling itself with a genuine piece of software. Either way, when the person downloading the file tries to install their illegal software, they will inadvertently install CopperStealer on their system. This allows the malware easy access to PCs and does it with the help of the unwitting victim.

Once CopperStealer has taken hold on a PC it begins working quietly in the background as it harvests user information. In particular, it’s exceptionally hungry for login credentials; details for major platforms such as Amazon, Google, PayPal and Twitter have all been targeted by CopperStealer. These are all websites that are used by organizations to store huge amounts of personal data, so the threat that CopperStealer represents is serious. As well as this major threat, CopperStealer also finds time to download additional malware in order to compromise infected systems even further.

How To Protect Yourself from CopperStealer

There is one simple move you can make to defend yourself against CopperStealer: don’t get involved with illegal downloads. Not only is there the threat of unwanted malware being bundled with them, but you risk installing unpatched software without the safety net of available support. Thankfully, CopperStealer is far from sophisticated, certainly compared to other contemporary malware, and can easily be removed with anti-malware software such as AVG and Kaspersky products. Naturally, you will want to make sure that your anti-malware application is fully up to date to protect against all the latest threats.

Final Thoughts

The temptation of illegal downloads, especially when we are living in a time of economic turbulence, is strong, but it pays to resist it. If, for example, your PayPal credentials are stolen then you and your customers could face some significant financial hardship. Therefore, it’s crucial that you always pay for your software. This will, as discussed, ensure you receive regular updates and patches as well as providing you with peace of mind that your software is clean.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

The Return of the Trickbot Malware

anti malware, malware, Ophtek, trickbot, two-factor authentication, , , , ,
09
Feb 2021

Some malware is incredibly difficult to remove, but it is removable. However, that very same malware could come back stronger than ever before.

We first reported on the Trickbot malware back in 2017 when it was being used to target banks in the US. Back then it was using web-injection techniques to infect users and steal login credentials. But much can change in three and a half years. Trickbot has steadily evolved to become a much stronger strain of malware. And this, naturally, means that its more dangerous. Therefore, even if you managed to beat Trickbot before, it’s going to require an even stronger battle this time around.

The good news is that we’re going to give you a lowdown on the latest variant of Trickbot and, more importantly, how to beat it.

What is Trickbot?

Trickbot has changed significantly since we last encountered it, so it’s crucial that we take a comprehensive look at it. Since its early days as a banking trojan, Trickbot has evolved several times. Enhancements to its design has allowed it to spread through networks rapidly and with stealth on its side. Trickbot has also been re-engineered to become a malware loader meaning that it can download even more malware to an infected system. It had appeared, last year, that a collection of tech companies had managed to take the Trickbot network down. But it appears that Trickbot is still active.

The latest Trickbot attack uses a social engineering approach to unleash its payload and is targeting legal and insurance companies in the US. Phishing emails are being distributed which inform the recipient that they are responsible for a traffic violation. A link contained within the email promises to deliver proof of this violation. But the true destination of this link is a website which will download an infected ZIP file. This infected file will then connect the user’s PC to a remote server and completes the infection by downloading further malware.

How to Beat Trickbot

Good security practices are essential when it comes to beating malware such as Trickbot. Protect yourself by carrying out the following:

  • Install Your Updates: Vulnerabilities in your hardware and software allow malware such as Trickbot easy access into your system. Plug this gap by installing all updates when prompted to and, where possible, set these to automatic installs.
  • Teach Email Safety: The busy pressures of the working day mean that we can sometimes switch to automatic when checking our emails. However, by taking a few moments to carry out some basic checks you can make sure you don’t fall victim to malicious emails.
  • Two-Factor Authentication: Trickbot is well known for being able to spread through networks like wildfire, but you can limit this spread. By installing a method of two-factor authentication on your network you can make this spread much harder.
  • Use Anti-Malware Software: A wide range of anti-malware software is available – much of it at no cost – that can protect your PCs from malware. Windows itself has Windows Defender built into it as standard, so make sure you have something in place. And, don’t forget, make sure the software is turned on.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More
1 12 13 14 15 16 29