Tuesday, February 23, 12:42

StrongPity distributes spyware through malicious WinRAR, Winbox, IDM

Some releases of the file compression tool WinRAR and of the router management software Winbox have been tampered with and used to install malicious software. According to the investigation, this spyware deployment campaign began in the second half of 2018 and is still ongoing. The campaign is attributed to the StrongPity group, which specializes in so-called watering hole attacks carried out for espionage.

StrongPity, also known as Promethium, drew attention in 2016 when it used websites to distribute trojanized versions of WinRAR and TrueCrypt. It has, however, been active since 2012, and has repeatedly used zero-day vulnerabilities in spear-phishing attacks.

A few days ago, researchers at AT&T Alien Labs found a new piece of malicious software. It was installed by a trojanized but fully functional copy of Winbox (sample analysis) for Windows systems.

There was no difference in functionality that would have led the victims to suspect that something was wrong.

Newer versions of the popular WinRAR (sample analysis) and of Internet Download Manager (sample analysis) are also being used by the StrongPity group to install spyware.

The spyware searches for documents and communicates with its command and control server over an SSL connection. According to the researchers' report, it also allows remote access to the infected system.

In the past, hackers have also abused other popular software to install malware, including CCleaner, Driver Booster, Opera Browser, Skype, VLC Media Player, antivirus products and 7-Zip.

It appears that the group is reusing methods and techniques it has previously employed in other malware distribution campaigns. In December 2017, ESET published a report on a StrongPity campaign that involved an Internet service provider.

StrongPity targeted specific victims: when they tried to download the software (which they believed to be legitimate), they were redirected to the malicious version.
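The defensive check a practitioner wants against the technique described above is one that does not depend on the program behaving correctly, since a trojanized copy that is "fully functional" passes every behavioural test. Comparing the downloaded file against a hash pinned from an independent channel is the simplest such check. The following is an added example, not code from the original article or from AT&T Alien Labs; the installer bytes, the file name and the hash list are constructed stand-ins, not real WinRAR or Winbox data.

```python
import hashlib
import hmac

# Constructed sample data standing in for an installer; not real vendor bytes.
LEGIT_INSTALLER = b"MZ\x90\x00" + b"legitimate installer body " * 8

# A trojanized copy built the way the article describes: the original program
# is left intact so it still works for the victim, and a loader is appended.
# (Constructed payload bytes; no real malware is embedded here.)
TROJANIZED_INSTALLER = LEGIT_INSTALLER + b"\x00" * 16 + b"appended loader stub"

# Hypothetical vendor hash list. In practice this comes from the vendor's
# signed release notes or another channel the download site cannot rewrite.
TRUSTED_HASHES = {
    "winbox-sample.exe": hashlib.sha256(LEGIT_INSTALLER).hexdigest(),
}


def sha256_hex(data: bytes) -> str:
    """Return the lowercase hex SHA-256 digest of the given bytes."""
    return hashlib.sha256(data).hexdigest()


def verify_download(name: str, data: bytes, trusted: dict) -> bool:
    """Return True only if `data` matches the pinned digest for `name`.

    Unknown file names are rejected rather than allowed through, and the
    digest comparison is constant-time to avoid leaking match prefixes.
    """
    expected = trusted.get(name)
    if expected is None:
        return False
    return hmac.compare_digest(sha256_hex(data), expected)


if __name__ == "__main__":
    for label, blob in (("legitimate", LEGIT_INSTALLER),
                        ("trojanized", TROJANIZED_INSTALLER)):
        ok = verify_download("winbox-sample.exe", blob, TRUSTED_HASHES)
        print(f"{label}: {'hash matches' if ok else 'HASH MISMATCH, do not run'}")
```

The check only helps if the pinned hash is obtained from somewhere other than the page that served the download, because a watering hole controls both. On Windows the same idea is available natively through the vendor's code signature (for example `Get-AuthenticodeSignature` in PowerShell), which additionally ties the file to a publisher certificate rather than to one known release.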


Absent Mia, https://www.secnews.gr

