Buhtrap: attacks exploiting Microsoft zero-day vulnerabilities


As already mentioned in a previous article, Microsoft's Patch Tuesday for July 2019 fixes 77 flaws, including some very dangerous ones. The first, CVE-2019-1132, concerns the Win32k component and can in theory be used to execute code. The second, CVE-2019-0880, affects Windows 7 and Server 2008; in practice it concerns the way splwow64 handles certain calls. ESET's researchers say that the Windows zero-day CVE-2019-1132 gave a group named Buhtrap the opportunity to carry out an attack targeting a governmental organization in Eastern Europe.


This was the first time Buhtrap had used a zero-day vulnerability in an attack, but it was not the first time the group had appeared. Since 2015 it has successfully carried out 13 attacks against financial institutions, stealing more than 1.8 billion RUB (about 27.4 million dollars). According to ESET, the group's name comes from the words Buhgalter (Russian for accountant) and trap. Its attacks have so far been confined to Russia and Ukraine, like those of the Anunak / Carbanak group.


ESET reported the attack directly to Microsoft; the exploit was based on a popup menu. The attackers used a document to deliver a backdoor that can steal information and data through a module called "grabber". The grabber is a stand-alone password-stealing tool: once it obtains the passwords it is after, it immediately sends them to preconfigured servers.

The second module is more in line with what is expected of Buhtrap: an NSIS installer containing a legitimate application that is abused to load Buhtrap's main backdoor. The legitimate application abused in this case is AVZ, a free antivirus tool.

We still do not know why this particular group operated in this way, but it is very likely that it will show itself again in time.

The author allows you to copy this text only if you cite the source (SecNews.gr) with a live link to the article.