Friday, January 15, 20:56

Hackers spread malware to managed service providers

Hackers are spreading complex malware to managed service providers (MSPs), developing multiple sophisticated stealth techniques to avoid detection, Huntress Labs said in an updated blog post.

MSPs are particularly attractive targets for hackers because they typically work with multiple clients, so one piece of malware can scan many potential victims at a time. Huntress, which provides managed detection and response (MDR) services through MSPs, first revealed the malware's procedures in a blog posted last June. Subsequent blogs have focused on how the malware covers its actions.


At first glance, the malware looked like a log file for an application - so it hid its activity - but looking closely we found that the file "is related to a malicious base we discovered", said Huntress co-founder John Ferrell in the original post. "Malware writers used different tricks to hide, including renaming legitimate files, disguising as an existing scheduled task and using a malicious payload stored in a file created to look like an error log."

A closer look

The error, as John Hammond, a senior Huntress security researcher, said in the updated blog, is a "multi-stager, multi-payload." While malware that delivers its payloads in stages is not uncommon, the lengths this malware goes to in order to prevent its detection are unique. It is also smart enough to go unnoticed by a standard antivirus or endpoint program, he said.

An initial payload is delivered using genuine "Windows binaries" to extract and execute new PowerShell code, which contains another piece of concealed and encrypted data used to retrieve a second payload through Google's DNS over HTTPS service. "Using DNS over HTTP as a means of receiving another malware payload is a very clever trick," said Hammond. To deliver the final payload, the malware code reaches an external server, which installs the final command and control strain to give the hacker control of the target system.
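A defender-side hunt for the DNS over HTTPS retrieval described above, as an added example that is not from Huntress or the original article: it flags web requests to public DoH endpoints made by processes other than browsers. The JSON event schema, the sample events, the browser allow-list and the inclusion of a second DoH provider are assumptions made for illustration.

```python
import json
from urllib.parse import urlsplit

# Public DoH endpoints to watch. dns.google is the service named in the
# article; cloudflare-dns.com is added here as a generalization.
DOH_HOSTS = {"dns.google", "cloudflare-dns.com"}
DOH_PATHS = ("/resolve", "/dns-query")
# Processes expected to speak DoH on a workstation (assumption; tune per fleet).
EXPECTED_CLIENTS = {"chrome.exe", "firefox.exe", "msedge.exe"}

# Constructed proxy/EDR events in a hypothetical JSON-lines schema.
SAMPLE_EVENTS = r"""
{"host":"ws01","image":"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe","url":"https://dns.google/dns-query?dns=AAAB"}
{"host":"ws02","image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","url":"https://dns.google/resolve?name=example.test&type=TXT"}
{"host":"ws02","image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","url":"https://www.example.com/resolve"}
this line is not JSON
{"host":"ws03","image":"C:\\Windows\\System32\\wscript.exe","url":"https://DNS.GOOGLE/dns-query?dns=AAAB"}
"""

def image_name(path):
    # Final component of a Windows path, lower-cased for comparison.
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def is_doh_request(url):
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    return host in DOH_HOSTS and parts.path.startswith(DOH_PATHS)

def find_suspicious_doh(lines):
    """Return (host, process, doh_host) for DoH requests from unexpected processes."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed records rather than abort the hunt
        url = event.get("url", "")
        proc = image_name(event.get("image", ""))
        if is_doh_request(url) and proc not in EXPECTED_CLIENTS:
            hits.append((event.get("host"), proc, urlsplit(url).hostname))
    return hits

if __name__ == "__main__":
    for hit in find_suspicious_doh(SAMPLE_EVENTS.splitlines()):
        print("unexpected DoH client:", hit)
```

Where TLS is not inspected and only the destination hostname is logged, drop the path check and match on the host alone.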

Teo Ehc