Beware Of Weaponized EBooks That Deliver AsyncRAT


eBooks are popular, and that popularity is exactly what makes them attractive to threat actors: they are widely shared digital assets that users rarely treat as suspicious and that often pass through security controls unexamined.

Threat actors exploit users’ trust in seemingly harmless documents by embedding malware in eBook files or disguising malicious code as legitimate eBooks.

ASEC researchers have previously reported AsyncRAT being distributed through several file types (.chm, .wsf, .lnk), with the threat actors hiding the malware inside seemingly ordinary documents such as questionnaires.


Weaponized EBooks Deliver AsyncRAT

Recently, a new tactic emerged where AsyncRAT is disguised as an eBook, demonstrating the evolving methods used to trick users into executing this remote access trojan.

Malicious eBook (Source – ASEC)

The weaponized eBook archive contains four kinds of files: an LNK shortcut that carries the malicious code and is given a document-style icon so it looks harmless, a TXT file (RM.TXT) with a PowerShell script hidden inside it, archives disguised as video files, and a genuine eBook that serves as the decoy.

A malicious LNK file (Source – ASEC)

When the victim opens the LNK file, it launches the PowerShell script hidden in RM.TXT. That script marks the folder holding the downloader as hidden and then runs a further obfuscated script.

Depending on which security products this script finds on the host, it extracts and launches the actual malware from the files disguised as videos.

Compressed files disguised as video files (Source – ASEC)

Three functions handle the rest of the chain: they decompress the hidden files, register scheduled tasks for persistence, and execute the scripts. Before launching AsyncRAT, these scripts:-

  • Collect system information
  • Load the obfuscated files
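The package layout above (a shortcut posing as a book, a TXT file carrying PowerShell, archives with video extensions, a decoy eBook) is what a responder has to recognise once the archive is extracted. The script below is an added example, not ASEC's tooling: it walks an extracted directory, flags .lnk lures, media files whose magic bytes say "archive", .txt files containing PowerShell tokens, and any file whose MD5 matches the hashes published in the IoC section. The files written by build_sample_package() are constructed stand-ins for illustration, not the real samples.

```python
"""Triage an extracted 'eBook' archive for the lures described above.

Added example (not ASEC tooling). Assumes the archive has already been
extracted to a directory. build_sample_package() writes constructed
stand-ins, not the real malware files.
"""
import hashlib
import os
import re
import tempfile

# MD5s published in the IoC section of the report.
IOC_MD5 = {
    "dea45ddf6c0ae0f9f3fde1bfd53bc34f": "VideoVLC_subtitles.exe",
    "b8d16e9a76e9f77975a14bf4e03ac1ff": "RM.TXT",
    "50005f22608e93dff1d9ed18f6be95d3": "Business Secrets from the Bible - Rabbi Daniel Lapin.LNK",
    "1ada2c6796a3486b79c5eb47fce9b19c": "worldofprocure.rar",
    "21714b248ab9ca42097a7834251a7452": "NTUSER.vbs{428f9636-1254-e23e3-ada2-03427pie22}.TM.vbs",
}

MEDIA_EXT = {".mp4", ".avi", ".mkv", ".mov", ".mp3", ".srt"}
ARCHIVE_MAGIC = {b"Rar!\x1a\x07": "RAR", b"PK\x03\x04": "ZIP"}
# Tokens found in nearly every PowerShell stager; a notes file has no business containing them.
PS_TOKENS = re.compile(
    rb"(?i)(powershell|-encodedcommand|-enc\b|\biex\b|invoke-expression|frombase64string|"
    rb"downloadstring|start-process|register-scheduledtask|schtasks|attrib\s+\+h)"
)


def md5_of(path):
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def triage_file(path):
    """Return a list of (finding, detail) tuples for one file."""
    findings = []
    name = os.path.basename(path)
    ext = os.path.splitext(name)[1].lower()
    with open(path, "rb") as f:
        head = f.read(4096)
    if ext == ".lnk":
        # Explorer hides the .lnk suffix, so the visible name is the lure itself.
        findings.append(("lnk_lure", name))
    if ext in MEDIA_EXT:
        for magic, kind in ARCHIVE_MAGIC.items():
            if head.startswith(magic):
                findings.append(("archive_as_media", f"{name} is really a {kind} archive"))
    if ext == ".txt":
        hits = sorted({m.decode(errors="replace").lower() for m in PS_TOKENS.findall(head)})
        if hits:
            findings.append(("powershell_in_txt", f"{name}: {', '.join(hits)}"))
    digest = md5_of(path)
    if digest in IOC_MD5:
        findings.append(("ioc_md5", f"{name} matches {IOC_MD5[digest]}"))
    return findings


def triage_dir(root):
    """Map file name -> findings for every flagged file under root."""
    results = {}
    for dirpath, _, files in os.walk(root):
        for fn in files:
            hits = triage_file(os.path.join(dirpath, fn))
            if hits:
                results[fn] = hits
    return results


def build_sample_package(root):
    """Constructed stand-in for the extracted archive (hypothetical contents)."""
    files = {
        "Business Secrets from the Bible.lnk": b"L\x00\x00\x00\x01\x14\x02\x00" + b"\x00" * 64,
        "RM.TXT": b"Some notes...\r\npowershell -w hidden -enc SQBFAFgA... ; attrib +h .\\dl\r\n",
        "lecture1.mp4": b"Rar!\x1a\x07\x01\x00" + b"\x00" * 32,       # RAR wearing a video name
        "lecture2.mp4": b"\x00\x00\x00\x18ftypmp42" + b"\x00" * 32,  # genuine MP4 header
        "ebook.pdf": b"%PDF-1.4\n%decoy\n",
    }
    for name, data in files.items():
        with open(os.path.join(root, name), "wb") as f:
            f.write(data)


def run_sample():
    """Write the constructed package to a temp dir and triage it."""
    with tempfile.TemporaryDirectory() as d:
        build_sample_package(d)
        return triage_dir(d)


if __name__ == "__main__":
    for fn, hits in run_sample().items():
        for kind, detail in hits:
            print(f"[{kind}] {detail}")
```

Point triage_dir() at a real extraction directory to use it; the magic-byte check is what catches the "video" files, since the extension alone tells you nothing.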

The malware masquerades as legitimate processes to evade detection and uses various obfuscation techniques.

AsyncRAT, the final payload, provides anti-detection mechanisms, persistence, and data exfiltration capabilities.

It’s distributed through various methods, including disguised files on sharing sites and phishing emails, making it a versatile and dangerous threat.

IoCs

MD5s:-

  • dea45ddf6c0ae0f9f3fde1bfd53bc34f (VideoVLC_subtitles.exe)
  • b8d16e9a76e9f77975a14bf4e03ac1ff (RM.TXT)
  • 50005f22608e93dff1d9ed18f6be95d3 (Business Secrets from the Bible – Rabbi Daniel Lapin.LNK)
  • 1ada2c6796a3486b79c5eb47fce9b19c (worldofprocure.rar)
  • 21714b248ab9ca42097a7834251a7452 (NTUSER.vbs{428f9636-1254-e23e3-ada2-03427pie22}.TM.vbs)

C&C Server:-

Download URL:-

  • hxxps://worldofprocure[.]com/worldofprocure.rar




OnePlus Pad 2 set for a price hike, check pre-launch offers


OnePlus is gearing up to launch a new flagship Android tablet this Tuesday. The OnePlus Pad 2 will bring some notable hardware upgrades over its predecessor and will allegedly cost more. A tipster recently revealed its price and confirmed some of the rumored specs.

OnePlus Pad 2 price leaked a day before launch

The flagship Android tablet market isn’t as crowded as the smartphone segment. Samsung is the global leader in this niche, but OnePlus may have a plan to catch up to it. It offered great value with its OnePlus Pad and seemingly aims to repeat that with the second-gen model. We are saying that despite a rumored price hike.

According to tipster Yogesh Brar, the OnePlus Pad 2 will have an MRP (Maximum Retail Price) of ₹47,999 in India. But as a standard business practice, the company will generally sell it for ₹45,999, which is approximately $550 in the current currency exchange rate. Based on last year’s pricing, the US price of the new tablet should be in a similar territory. The first-gen model started at ₹37,999 in India and $480 in the US.

Brar also shared a photo of the retail box showing the MRP, weight (584 grams), and dimensions (268.6×195.0×6.5 mm) of the OnePlus Pad 2. The upcoming tablet is bigger (the same thickness) and heavier than its predecessor. It sports a bigger display, a 12.1-inch 3K IPS LCD panel likely with one billion colors, Dolby Vision and HDR10+ support, and at least a 144Hz refresh rate. The device supports stylus input.

Powered by the Snapdragon 8 Gen 3, the new OnePlus flagship tablet might be a worthy competitor to Samsung’s Galaxy Tab S9 lineup (the Galaxy Tab S10 series arrives later this year). It boasts an unchanged 9,510mAh battery with the same 67W charging speed. The device’s camera setup also remains unchanged—a 13MP camera on the back and an 8MP selfie shooter. It runs Android 14-based OxygenOS 14 out of the box.

Register your interest in the upcoming OnePlus tablet for exclusive offers

Ahead of its launch tomorrow, OnePlus lets potential buyers grab exclusive OnePlus Pad 2 offers through its website in the US. A $10 non-refundable early-bird coupon gives buyers $100 off on the tablet when it goes on sale. The tablet will debut alongside a Smart Keyboard and the Stylo 2 (stylus pen). These accessories will reportedly cost ₹11,999 (~$144) and ₹5,000 (~$60), respectively. Maybe OnePlus will introduce a bundle offer for all three products. Stay tuned for the official launch on Tuesday.



Get the Meta Quest 3 for $50 off during Amazon Prime Day


Your ticket to the metaverse is now cheaper! Amazon Prime Day is going on, and companies are offering their devices at a low price. The Meta Quest 3 is now $50 off for Prime Day. This brings the price down to $449.99.

If you’re curious about trying out Amazon Prime, but you’re unsure, try a 30-day free trial. This is only for new members.

This is the latest device from the company, and it brings top-of-the-line AR and VR capabilities. Meta greatly improved over the Quest 2 in several ways. It has a sharp screen with a 2064 x 2208 resolution. That’s good enough to give you a great viewing experience. Not only that, but the display also runs at 120Hz.

The version that’s on sale is the 128GB variant. That gives you enough storage for plenty of VR apps and games. There are a ton of apps that you can choose from that can either be fun or productive.

The Meta Quest 3 uses the powerful Qualcomm Snapdragon XR2 Gen2 SoC. This, coupled with the 8GB of RAM, gives the headset some amazing performance. You’re going to have a smooth experience.

As for the controls, you’ll use the two handheld motion trackers. There are buttons and joysticks on either motion tracker that allow you to control the content on your screen. This is an intuitive method of manipulating the content and playing games.

If you’re planning on using this headset, it’s good to know how long the battery lasts. You’re looking at about 2.2 hours of use on a single charge. That’s not the longest, but it’s still long enough to get a movie or some good gameplay in.

There’s a lot to love about this headset, and the $50 discount only makes it that much better. You’re getting one of the best mixed-reality headsets on the market.



Google Maps rolling out one minor UI change that should make it easier to use

Google Maps is now rolling out a set of new changes on Android phones, which aim to make the app easier to use and understand. One of the most notable ones is the use of “sheets” instead of full screens to further streamline the look of the app.

These sheets are like smaller windows that pop up on top of the map. They have rounded corners and let you see more of the map while you’re using them. It’s a subtle change, but it makes the app feel less cluttered and helps you stay oriented while you’re exploring.

Google Maps before and after the new “sheets” | Images credit — 9to5Google

For example, if you look up a place, the information will show up in a sheet instead of taking over your whole screen. You can close the sheet with a tap or a swipe. And if you want to get directions, the tools for choosing your mode of transportation (like driving or walking) are now at the bottom of the screen, making them easier to reach.

Google has been working on this redesign throughout the year. They tried it out earlier this year but made some changes based on user feedback. Now, the new design is finally being rolled out to everyone who has the Google Maps app on their Android phone. If you have an iPhone, you’ll have to wait a bit longer.

These are all the key changes to Google Maps for Android that are currently rolling out:
  • Sheets instead of full screens for a cleaner look and better map visibility
  • Rounded corners on sheets for a more modern feel
  • Easier access to transportation mode options at the bottom of the screen
  • Redesigned interface for searching for directions


This update is all about making Google Maps more user-friendly and doesn’t really introduce any new functionality. However, by simplifying the design and making things easier to find, the app should become more helpful, particularly when you are out on the road in a hurry. If you have Google Maps on your Android phone, keep an eye out for this update rolling out to the stable version 11.136.x.



CapraRAT Android Spyware Campaign Targets Gamers, TikTokers


Researchers found a new malware campaign from the long-known CapraRAT Android spyware that impersonates legit apps. This time, the spyware mimics apps to target TikTok users, gamers, and other user groups.

CapraRAT Spyware Mimics Android Apps To Trick Users

According to a recent post from SentinelLabs, their researchers observed a new CapraRAT Android spyware campaign aimed at specific user groups, including TikTokers and gamers.

The researchers found four new APKs posing as various apps, some of them hiding behind legitimate applications. To help users spot the malicious applications on their devices, the application and package names are listed below.

  • Crazy Game (com.maeps.crygms.tktols): An app impersonating the legit gaming platform “Crazygames.com” to trick gamers.
  • Sexy Videos (com.nobra.crygms.tktols): An app redirecting to YouTube videos.
  • TikToks (com.maeps.vdosa.tktols): An app mimicking TikTok video platform, aimed at targeting TikTok users.
  • Weapons (com.maeps.vdosa.tktols): This app, bearing the logo “Forgotten Weapons” (mimicking a YouTube channel of the same name) aims at weapon fans.

Although the four apps are aimed at different user groups, all of them behave the same way, which points to a broadly targeted CapraRAT campaign.

The Recent Campaign Exhibits A Sneaky Behavior

The attack begins when the victim installs one of these apps. On installation, the app requests a long list of intrusive permissions: SMS access, contacts, GPS location, read/write access to storage, camera, audio recording, screen recording, call history, the ability to place calls, and control over the network state.

Most of these permissions have no place in a game or video app and should raise an alarm. In practice, however, most users do not review individual app permissions, and so fall prey to such threats.

Beyond these permissions, the new variant uses a WebView to open links to legitimate sites, which makes the lure more convincing. It now looks more like spyware than a backdoor (unlike earlier campaigns), since it no longer requests the permissions to install packages or authenticate accounts. Dropping those noisy capabilities lets it stay under the radar for extended periods and may even fool savvy users.
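The permission profile described above is the most practical hunting signal: a game or video app that declares SMS, contacts, call-log, microphone and location access is mis-declaring its purpose. The script below is an added example, not SentinelLabs code. It audits a decoded AndroidManifest.xml (as produced by apktool or a similar decoder), checks the package name against the identifiers listed in this article, counts surveillance-grade permissions, and records whether the install-packages and authenticate-accounts permissions that earlier builds requested are present. The manifests it builds are constructed sample input, not real APK contents.

```python
"""Audit a decoded AndroidManifest.xml for the CapraRAT permission pattern.

Added example, not SentinelLabs tooling. Package names and the permission
list come from the report; the manifests built by manifest() are constructed
samples for illustration.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Package identifiers listed in the report.
CAPRARAT_PACKAGES = {
    "com.maeps.crygms.tktols",   # Crazy Game
    "com.nobra.crygms.tktols",   # Sexy Videos
    "com.maeps.vdosa.tktols",    # TikToks / Weapons
}

# Surveillance-grade permissions the campaign requests; none is needed by a game or video app.
SURVEILLANCE = {
    "android.permission.READ_SMS", "android.permission.RECEIVE_SMS", "android.permission.SEND_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.ACCESS_FINE_LOCATION", "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.READ_EXTERNAL_STORAGE", "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.CAMERA", "android.permission.RECORD_AUDIO",
    "android.permission.READ_CALL_LOG", "android.permission.CALL_PHONE",
    "android.permission.CHANGE_NETWORK_STATE",
}

# Backdoor-style permissions earlier CapraRAT builds asked for and this variant dropped.
BACKDOOR = {"android.permission.REQUEST_INSTALL_PACKAGES", "android.permission.AUTHENTICATE_ACCOUNTS"}


def declared_permissions(root):
    """Collect every permission the manifest declares (both element forms)."""
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                perms.add(name)
    return perms


def audit_manifest(xml_text, app_role="game or video app"):
    """Return a verdict dict: known package -> malicious, 3+ surveillance perms -> suspicious."""
    root = ET.fromstring(xml_text)
    pkg = root.get("package", "")
    perms = declared_permissions(root)
    surveillance = sorted(perms & SURVEILLANCE)
    reasons = []
    if pkg in CAPRARAT_PACKAGES:
        reasons.append(f"package name {pkg} is a published CapraRAT identifier")
    if len(surveillance) >= 3:
        reasons.append(f"{len(surveillance)} surveillance permissions for a {app_role}")
    if pkg in CAPRARAT_PACKAGES:
        verdict = "malicious"
    elif len(surveillance) >= 3:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {
        "package": pkg,
        "verdict": verdict,
        "surveillance": surveillance,
        "backdoor_capable": bool(perms & BACKDOOR),
        "reasons": reasons,
    }


def manifest(pkg, perms):
    """Construct a minimal decoded manifest (sample input, not from a real APK)."""
    uses = "\n".join(f'  <uses-permission android:name="{p}"/>' for p in perms)
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="{pkg}">\n'
            f'{uses}\n  <application android:label="app"/>\n</manifest>')


# Constructed manifest shaped like the "Crazy Game" lure described in the report.
CRAZY_GAME = manifest("com.maeps.crygms.tktols", [
    "android.permission.INTERNET", "android.permission.READ_SMS", "android.permission.READ_CONTACTS",
    "android.permission.ACCESS_FINE_LOCATION", "android.permission.CAMERA",
    "android.permission.RECORD_AUDIO", "android.permission.READ_CALL_LOG",
])
# Constructed manifest for a benign puzzle game (hypothetical package name).
REAL_GAME = manifest("com.example.puzzle", ["android.permission.INTERNET", "android.permission.VIBRATE"])

if __name__ == "__main__":
    for m in (CRAZY_GAME, REAL_GAME):
        print(audit_manifest(m))
```

The threshold of three surveillance permissions is an assumption chosen for this example; tune it per app category, and note that screen recording is requested at runtime via MediaProjection rather than declared in the manifest, so it will not show up here.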

CapraRAT is a known Android spyware belonging to a suspected Pakistani state-actor group, Transparent Tribe (aka APT 36, Operation C-Major). This group, known since 2016, has run numerous malicious campaigns against users, particularly targeting Indian victims.




Save $50 on the Google Pixel 8a for Prime Day


Google’s Pixel A phones are usually a great deal. However, why not knock some more money off of your purchase? For Prime Day, you can get the Pixel 8a for $50 off. This knocks the price down to $449.99.

If you’re curious about Amazon Prime, new members can try it out for free with a 30-day trial.

The Pixel 8a is the most recent smartphone released by Google, and it brings the power of the Tensor G3 SoC. This makes it one of the most powerful phones at this price point. Along with that, you have Google’s top-of-the-line software optimization. This all makes for an incredibly smooth experience.

The selling point of Google’s Pixel devices is usually the camera. Google uses some advanced hardware and software for its cameras. This gives its Pixel A phones camera performance that rivals phones twice their price. If you’re looking for a phone that can produce amazing pictures, then you should pick up this phone.

As for the screen, Google fits its devices with some great displays. You’re looking at a 1080p+ AMOLED display. Not only does it look great, but it looks great when outdoors. It has a peak of 2000 nits of brightness.

Being a Pixel device, you can expect all of the latest and greatest from Android. You’ll receive software updates early along with the other Pixel devices. This includes new features, security patches, and bug and stability fixes. Also, you’ll be early to receive the latest Android platform upgrades. It comes with Android 14 out of the box, but it will be one of the first devices to get Android 15 when it comes out.

This is truly one of the best Android experiences that you can get your hands on. At $50 off for Prime Day, it’s a pretty good deal. You won’t be sorry.



Samsung Android XR headset’s dev version could launch in October


XR enthusiasts have been eagerly waiting for the launch of a new Samsung Android XR headset for a while now. The South Korean tech giant announced its collaboration with Google and Qualcomm for a new XR headset initiative in February last year. The device was expected to launch in Q1 2024 but was repeatedly pushed back.

The details regarding the new Samsung Android XR headset have been scarce, up until now. According to a report by Business Insider, Samsung will launch a developer version of its Android XR headset later this year.

Samsung could start giving out an early version of its Android XR headset to developers at SDC 2024

According to the source, Samsung will launch a version of its Android XR headset for developers in October. Samsung has previously indicated that it will introduce something new in the XR segment before 2024 ends. But, this is the first time we’ve heard a specific month mentioned.

The report didn’t provide an exact launch date for the developer version. However, there’s a Samsung Developer Conference on October 3. If the report is true, the company could showcase its Android XR headset at this event. The brand may also start giving out the early version of the device to developers around the same time. So they can start making applications for the new headset.

It’s worth mentioning that during the recent Unpacked event, Rick Osterloh, Google’s SVP of Platforms & Devices, briefly mentioned the upcoming XR platform. Furthermore, TM Roh, President of Samsung’s Mobile Division, revealed that the new XR platform is “coming this year”. However, Roh refrained from sharing any other details like the features or general availability of the upcoming XR platform-powered headset.

The commercial product is said to be showcased in March 2025

Furthermore, the latest report suggests that Samsung could showcase the commercial version of the Android XR headset in March 2025. As always with rumors, nothing is certain until the company makes an official announcement.

Unfortunately, not much is known about the XR headset that Samsung is developing with Google and Qualcomm. It could be a mixed bag offering VR (virtual reality), AR (augmented reality), and MR (mixed reality) experiences in a single device. Only time will tell, so stay tuned for more updates in the future.



DarkGate Malware Exploiting Excel Files And SMB File Shares


DarkGate, a Malware-as-a-Service (MaaS) platform, experienced a surge in activity since September 2023, employing various distribution methods, including email attachments, malicious ads, and compromised Samba shares. 

Initially a human-operated command-and-control infrastructure, DarkGate has evolved into a versatile tool offering remote access, crypto mining, and other malicious functionalities. 

The malware has been actively distributed across North America, Europe, and Asia, leveraging AutoIt or AutoHotkey scripts for initial infection. 

Exploit.IN forum post by DarkGate developer RastaFarEye in October 2023

DarkGate operators launched a campaign in March 2024 that used Excel files disguised as legitimate documents to deliver the malware, primarily targeting North America before expanding to Europe and Asia.


The attack chain involves luring users to open Excel files with embedded links to publicly accessible Samba shares hosting VBS or JS scripts, which download and execute a PowerShell script, which in turn fetches and runs the final AutoHotKey-based DarkGate payload. 
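The first hop in that chain, an Excel file whose link points at a Samba share hosting a VBS or JS file, is visible without opening the workbook: an .xlsx is a zip, and external hyperlinks are recorded as relationships with TargetMode="External" in the worksheet's .rels part. The scanner below is an added example, not Unit 42 tooling. It lists every external relationship whose target is an SMB path (a file:// URL with a host, or a UNC path) or ends in a script or executable extension. build_sample_xlsx() constructs a minimal workbook for illustration; 203.0.113.10 is a documentation address, not a real DarkGate host.

```python
"""Find external links in an .xlsx that point at SMB shares or script files.

Added example, not Unit 42 tooling. build_sample_xlsx() constructs a minimal
workbook; the host 203.0.113.10 and the file names are hypothetical.
"""
import io
import posixpath
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
SCRIPT_EXT = {".vbs", ".js", ".jse", ".wsf", ".hta", ".ps1", ".bat", ".cmd", ".lnk", ".exe", ".msi"}


def classify_target(target):
    """Return (points_at_remote_share, file_extension) for a relationship Target string."""
    t = target.replace("\\", "/")
    if t.startswith("//"):                 # bare UNC path: \\host\share\file
        return True, posixpath.splitext(t)[1].lower()
    u = urlparse(t)
    ext = posixpath.splitext(u.path)[1].lower()
    # file://host/share/x and file:////host/share/x both make Office fetch over SMB
    if u.scheme == "file" and (u.netloc or u.path.startswith("//")):
        return True, ext
    return False, ext


def scan_xlsx(data):
    """Return one finding per external relationship that is an SMB path or a script."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for part in z.namelist():
            if not part.endswith(".rels"):
                continue
            root = ET.fromstring(z.read(part))
            for rel in root.iter(REL_NS + "Relationship"):
                if rel.get("TargetMode") != "External":
                    continue
                target = rel.get("Target", "")
                remote, ext = classify_target(target)
                if remote or ext in SCRIPT_EXT:
                    findings.append({
                        "part": part, "target": target, "smb": remote, "ext": ext,
                        "severity": "high" if remote and ext in SCRIPT_EXT else "medium",
                    })
    return findings


RELS = "http://schemas.openxmlformats.org/package/2006/relationships"
ODOC = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"


def build_sample_xlsx():
    """Constructed workbook: one cell hyperlink to an SMB-hosted VBS, one benign link."""
    parts = {
        "[Content_Types].xml": (
            '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
            '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
            '<Default Extension="xml" ContentType="application/xml"/></Types>'),
        "_rels/.rels": (
            f'<Relationships xmlns="{RELS}"><Relationship Id="rId1" Type="{ODOC}/officeDocument" '
            'Target="xl/workbook.xml"/></Relationships>'),
        "xl/workbook.xml": (
            '<workbook xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main">'
            '<sheets><sheet name="Sheet1" sheetId="1"/></sheets></workbook>'),
        "xl/worksheets/sheet1.xml": (
            '<worksheet xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main" '
            f'xmlns:r="{ODOC}"><sheetData/><hyperlinks><hyperlink ref="B2" r:id="rId1"/>'
            '<hyperlink ref="B3" r:id="rId2"/></hyperlinks></worksheet>'),
        "xl/worksheets/_rels/sheet1.xml.rels": (
            f'<Relationships xmlns="{RELS}">'
            f'<Relationship Id="rId1" Type="{ODOC}/hyperlink" TargetMode="External" '
            'Target="file://203.0.113.10/share/Invoice.vbs"/>'
            f'<Relationship Id="rId2" Type="{ODOC}/hyperlink" TargetMode="External" '
            'Target="https://example.com/help"/></Relationships>'),
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, xml in parts.items():
            z.writestr(name, xml)
    return buf.getvalue()


if __name__ == "__main__":
    for f in scan_xlsx(build_sample_xlsx()):
        print(f"[{f['severity']}] {f['part']}: {f['target']}")
```

Feed scan_xlsx() the bytes of a suspicious attachment from a mail gateway or sandbox; a file:// or UNC target is worth blocking on its own, because a legitimate spreadsheet has no reason to pull a script from an Internet-facing share.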

The threat actors employed various evasion techniques, including obfuscation, legitimate software usage, and anti-malware detection checks, to hinder analysis and increase the malware’s persistence. 

Template used by .xlsx files used in this DarkGate campaign.

The malware employs anti-analysis techniques to evade detection by checking the system’s CPU to differentiate between virtual environments and physical hosts, potentially halting execution in controlled analysis settings. 

It scans for multiple anti-malware programs using specific directory paths and filenames, aiming to avoid triggering their detection mechanisms or even disabling them.

The malware’s ongoing evolution includes adding new anti-malware checks, demonstrating its adaptability to counter evolving security measures. 

DarkGate’s routine to check for the CPU is shown in a debugger.

Analysis Of DarkGate Samples Reveals XOR Key Variations

Two sets of DarkGate samples were examined where the first set shared the same campaign ID but had different XOR keys, while the second set shared both the campaign ID and the C2 server but also had distinct XOR keys. 

It indicates that DarkGate employs multiple XOR keys for the same campaign or C2 infrastructure, potentially hindering reverse engineering efforts and increasing malware resilience. 

DarkGate scans the host for specific processes and tools commonly used in malware analysis or virtual environments. The list it checks against lives in an encrypted configuration that is decoded at runtime with XOR keys, which keeps that behaviour out of sight of static analysis.

While some configuration fields remain obscure, analysts have identified correlations between certain values and campaign identifiers. 

Multiple samples within the same campaign can utilize distinct XOR keys, suggesting an intentional obfuscation tactic to hinder analysis and understanding of DarkGate’s inner workings. 

Configuration data was extracted from a DarkGate sample first seen on April 16, 2024.

DarkGate C2 traffic, while appearing as unencrypted Base64-encoded HTTP POST requests, conceals obfuscated data, which can be decoded; further obfuscation exists. 

Unit 42 examined an infection from March 14, 2024, in which five HTTP POST requests carrying nearly 218 KB of Base64-encoded data were sent to nextroundstr.com; that volume suggests the requests may have carried exfiltrated data.

Although DarkGate’s primary function is unclear, its association with follow-on malware like Danabot and reported links to ransomware raise significant security concerns.




Grab the Apple Watch Ultra 2 for $729 in Best Buy’s latest sale


Best Buy is holding its “Black Friday in July” sale right now, and it is seeing a ton of great deals ahead of Amazon’s Prime Day, which starts tomorrow. This includes the Apple Watch Ultra 2, which is now $729. That’s a savings of $70, which does bring it back down to its all-time lowest price.

The Apple Watch Ultra 2 was announced last September as the successor to the very popular and successful Apple Watch Ultra. It, unfortunately, did not bring a lot of changes over the original, but it did add the new double-tap gesture, which is really useful when your hands are full. One of the big selling points of the Apple Watch Ultra 2 is its battery life compared to the regular Apple Watch. Apple touts 36 hours, which works out to about a day and a half depending on your usage, and that is double the regular Apple Watch’s battery life.

Buyers also love the Apple Watch Ultra 2 for its titanium case and sapphire crystal display, which make it very hard to scratch or shatter. Since this watch is made for adventurers and those who love to get dirty in nature, using those materials makes a lot of sense.

With this deal, you can also trade in a watch to Best Buy. You won’t get a ton, as it looks like the most you can get is $265, but hey that’s better than nothing.

Buy at Best Buy



Google nears $23 billion acquisition of cybersecurity startup Wiz


Google is reportedly closing in on its biggest acquisition ever. The tech titan is on the verge of buying cloud cybersecurity startup Wiz for around $23 billion, The Wall Street Journal reports. The talks have already progressed to an advanced stage, people familiar with the matter told the publication. The biggest Google acquisition so far is Motorola Mobility, which it bought for $12.5 billion in 2012 and sold for $2.91 billion in 2014.

Google is in advanced talks for a $23 billion acquisition of Wiz

Founded in 2020 by four former Microsoft employees, Wiz is a New York-based cloud cybersecurity provider. It specializes in analyzing corporate cloud computing infrastructure for combinations of risk factors that could lead to security breaches. The startup uses data from Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), Oracle Cloud, and other cloud platforms to identify potential risk factors.

The firm’s solutions allow companies to “rapidly identify and remove critical risks” and secure their cloud platforms. In August 2022, Wiz claimed to be the fastest startup to scale from $1 million to $100 million in annual recurring revenue  (ARR). It allegedly achieved the feat in around 18 months. The startup has raised $1.9 billion in various funding rounds in its lifetime. Of that, $1 billion came in Series E funding in April 2024.

Wiz raised the money at a $12 billion valuation. Google is seemingly buying it for almost double that amount. The company likely sees Wiz’s technologies as a valuable addition to fortify its cloud business. The business division grew 28% in the first quarter of 2024, securing a revenue of $9.57 billion. The tech biggie would want to strengthen its security measures amid increasing demand for cloud-based generative AI tools.

Google has already invested big in acquiring cloud security startups. In January 2022, it acquired Israel-based startup Siemplify for $500 million. The firm followed up with a $5.4 billion acquisition of Mandiant later that year. Wiz might soon join the internet behemoth’s ever-growing cybersecurity umbrella. It seemingly wants to take no chance against fast-evolving threat actors who have hacked the servers of some of the biggest tech firms in recent years.

The deal might face strict regulatory scrutiny and could even fall through

While Google and Wiz look likely to agree on an acquisition deal, they may find it difficult to satisfy US regulators. The Biden administration has been tightening regulatory scrutiny of large tech companies. Time will tell whether the Android maker can bring another cloud security provider under its umbrella or whether American regulators block the deal on competition grounds. Expect more details in the coming weeks.

