Malicious HDMI Cables Steals Photos, Videos, and Location Data

0
[ad_1]

John Bumstead, who works for a company called 404Media that fixes and sells used electronics, found an iPhone-to-HDMI adapter that seemed normal at first. However, the app that came with it was tricky because it asked users to scan a QR code.

This code leads to an ad-filled website, prompting downloads of an invasive app that requests various permissions, collects data, and sends it to China.

Bumstead tweeted about a spy-themed lightning cable, and unlike the HDMI adapter, this cable is a knockoff but resembles Apple’s design.

MG, the researcher behind the malicious Lightning cables, included the risky adapter, anticipating users installing questionable apps.

Document
FREE Demo

Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware

Malicious activity
Malicious activity (Source – 404Media)

Technical analysis

The researcher used an old iPhone to connect the cord, which displayed a QR code and “LIVE TV” branding. Scanning it led to EZ Cast’s website, boasting over 10M users worldwide.

Check Point previously analyzed an insecure EZCast device, which could be easily brute-forced due to a weak 8-digit password. The company contacted EZCast in 2016 but received no response, indicating a lack of security considerations. 

The website displayed ads for a streaming service called ‘FANJESTIC,’ known for difficult cancellations, unrelated to the EZ Cast app obtained via the QR code.

The app requested location access and Privacy Policy acceptance from Actions Microelectronics Co., Ltd., outlining the collection of the following data:-

  • Email address
  • Use tracking cookies
  • Take location
  • Track favorite videos
  • Track videos watched
  • Track bookmarks
  • Track location Data
  • Track Sensor Data
  • Tracking Cookies Data
  • Installed Apps Data

The data collection aimed at targeted ads and required access to the Local Network, photos, settings, Bluetooth, and camera.

While fascinated by unusual cables and gadgets, the adapter’s significance is tied to the FTC’s Amazon lawsuit which highlighted the site navigation issues and spammy ads.

Malicious cords
Malicious cords (Source – 404Media)

Recyclers often acquire Amazon returns, including cables Bumstead collects from them. While not entirely certain it all comes from Amazon, recyclers have indicated so, as Amazon disposes of unsold FBA inventory.

Protect yourself from vulnerabilities using Patch Manager Plus to quickly patch over 850 third-party applications. Take advantage of the free trial to ensure 100% security.


[ad_2]
Source link

New update brings emoji reactions to Gmail for Android

0
[ad_1]

Google has added support for emoji reactions to emails. The new feature was in the works for the past few weeks and is now rolling out to Gmail users on Android. The company plans to expand its availability to the iOS app and the web version of Gmail over the next few months.

Gmail for Android gains emoji reaction support

The latest version of the Gmail app for Android adds a new “Add emoji reaction” button to the bottom of an email. Tapping it will bring up the usual emoji picker, with the “More” button letting you see more emojis. Select an emoji to send it as your reaction to the message. Of course, you can always send a text response to the message if an emoji reaction isn’t enough.

For group emails, the app will show reactions from other users as well. You can press and hold an emoji to see who reacted using that emoji. You can quickly react to the message by tapping one of those emojis. However, the feature isn’t available for emails sent to more than 20 recipients.

If you want to react to an older message in a thread, you can do that by tapping the More button (three vertical dots) next to it and selecting “Add reaction.” Google also lets you remove or undo an emoji reaction after adding it. However, you must act quickly — you have 5-30 seconds to remove the reaction, depending on your “Undo Send” settings in Gmail. You will see an “undo” button below the message after you add a reaction.

Update your Gmail app to get this feature

Gmail’s emoji reaction feature is only available on the latest version of the app for Android, which you can download from the Google Play Store (link below). If you’re using an older version, you won’t be able to react to messages with emails. Reactions from other users may also come as an email with a link that says “[Name] reacted via Gmail.”

Google says you may get these emails for emoji reactions if you have turned off the Conversation view, don’t have a Gmail address, use a third-party email app such as Apple Mail or Microsoft Outlook, or use a work or school account. Moreover, you can’t react to emails if you use a work or school account or if you are in BCC.

The feature doesn’t work for messages sent to a group email list as well. Additionally, Gmail only lets you send a maximum of 20 emoji reactions to the same message. Reactions aren’t available for emails with Client-side encryption or when the sender has a custom reply-to address. You can click the button below to download the latest update for the Gmail app for Android.

DOWNLOAD GMAIL


[ad_2]
Source link

How is 5G changing sports betting?

0
[ad_1]

Since 5G has been rolled out in many densely populated cities across the globe, or even where it has been rolled out in sparsely populated rural areas, sports betting has become more easily accessible than ever, and both customers and iGaming operators have benefitted in several ways.

5G is helping to shape the sports betting industry as we know it. Let’s dive straight in to discover exactly how 5G is changing sports betting in South Africa and worldwide.

The impact of 5G on sports betting

One of the biggest impacts that 5G is having on sports betting is that sports betting fans can now place strategically timed in-play bets directly from their smartphones as the events unfold with relative ease.

Previously, placing bets in sports stadiums from a smartphone using the less reliable 4G network was much more challenging. However, using things like the official 10bet sports betting app – South Africa from a 5G-enabled mobile to place sports bets online has made things more reliable and consistent.

5G comes with higher bandwidth and lower latency, meaning there’s very little chance of getting disconnected halfway through placing a bet. In other words, 5G is great for sports betting fans who never have to worry about missing a bet ever again.

5G also means that more people can place more bets, meaning the iGaming operators will make more money. Even if you can’t attend the action in person at a sports stadium, for example, 5G coverage means you can live stream the event instead, uninterrupted, without annoying lagging or buffering issues.

What are the best 5G-ready mobiles?

If you want one of the best 5G-ready smartphones money can buy, some of the most trusted devices out there today with the best reviews are the following devices:

– Apple iPhone 14 Pro
– Apple iPhone 15
– Apple iPhone 15 Pro
– Apple iPhone 15 Pro Max
– Samsung Galaxy Z Fold 5
– Samsung Galaxy S23 Ultra 5G
– Google Pixel 7a
– Asus ZenFone 9
– Motorola One Ace 5G
Motorola Razr+
– OnePlus 10T
– OnePlus Nord N20 5G

These 5G-ready smartphones make life easier for sports bettors and make today’s best live dealer casino games and regular online casino games you can play at these sites look so much better.

They also improve your viewing experience when you next watch your favourite shows and movies on Netflix, Prime, Paramount+, Disney+, or live sporting events on your chosen sports streaming platform.

Now that I have a 5G-ready smartphone, which sports betting site is the safest if I live in South Africa?

After purchasing one of the top-rated 5G smartphones mentioned above, if you’re looking for a safe and secure South African online sports betting site that has some most competitive odds of the iGaming industry, try 10bet.

It’s free to sign up to, accepts South African Rand, and welcomes a variety of tried and tested SA online payment options. For example, if you prefer using prepaid voucher cards to top up your account, you can use Blu Voucher, EasyPay, OTT Voucher, or 1Voucher (aka 1ForYouVoucher),

10bet also accepts Masterpass and Zapper Scan to Pay methods (where you top up your account using a QR code), EFT (electronic funds transfer), and credit & debit cards like Visa and Mastercard.

10bet is protected by SSL encryption. It’s fully licensed by the Mpumalanga Economic Regulator (MER) and the UK Gambling Commission (UKGC), and it’s controlled by a reputable name.

10bet also now happens to be the official sponsor of South Africa’s Lamontville Golden Arrows football team AND the senior men’s professional football team in South Africa (aka Bafana Bafana).

In other words, there is no better place to play. It has excellent reviews and provides regular betting and live betting (in-play betting) services with thousands of markets for hundreds of today’s biggest sporting events.

Can I still place bets using a 4G mobile?

Yes. You can still place bets when connecting to the 4G network. However, there are now many parts of South Africa, including metropolitan areas like Cape Town, Durban, Pretoria, and Johannesburg, where 5G has been rolled out. Therefore, you may consider upgrading your device and connecting to the 5G network for a better online experience.

Final note

To sign up to 10bet – South Africa’s number one iGaming site, you must be at least 18 years old. Don’t forget, if you register your free account today, you can instantly get up to R3,000 in free money on top of your deposit.

The 10bet welcome bonus also includes up to a FREE R500 sports bet and 10 free spins to try out a popular online slot machine called Tut’s Twister. It takes less than a minute to sign up, and you can claim your welcome bonus when you deposit at least R50 on your first-ever deposit.


[ad_2]
Source link

Gmail will make it easier to unsubscribe from mailing lists, targets spam with new guidelines

0
[ad_1]

Tired of clicking through windows and windows just to unsubscribe from that annoying mailing list you don’t even remember subbing to that clogs your inbox? Well, 9to5Google now reports Mountain View is targeting those who abuse their bulk-emailing powers and will be giving you the option to unsubscribe from mailing lists more easily next year.

Gmail will force bulk email senders to give you an easy way out, by February next year


Google now has new requirements for bulk senders aimed at reducing the spam that users on Gmail have to deal with. Bulk senders are classified to be senders that send over 5,000 messages to Gmail addresses in one day. Those are usually marketing campaigns and in general commercial emails, but could also be spam, especially when you’re not interested anymore. By the new rules, the commercial emails will have to have a one-click unsubscribe button that’s clearly visible in the message, and the process to unsub will have to be completed within two days.

Also, Google will require bulk senders to up their game when it comes to securing and configuring their systems and will require them to authenticate emails with DKIM and SPF, so it will be harder to impersonate their “From” addresses (thus, fewer phishing possibilities, sorry not sorry, wanna-be hackers)

Google says that last year, its requirement for emails sent to a Gmail address to have some form of authentication has brought the number of unauthenticated messages down by 75%.

But that’s not all! Google will also implement a “clear spam rate threshold” that senders will have to abide by. The company is also working with partners like Yahoo to make these measures standard for everyone in the industry.

By February 2024, these policies will have to be implemented. If not, bulk senders may get flagged by Gmal’s spam filters, or even blocked from inboxes. Hooray for a more spam-free Inbox!


[ad_2]
Source link

Budworm APT Attacking Telecoms Org With New Custom Tools

0
[ad_1]

APT (Advanced Persistent Threat) actors are evolving at a rapid pace, continually enhancing their toolsets and tactics. 

They adapt quickly to security measures, leveraging advanced techniques, such as zero-day exploits, to remain undetected.

Their ability to innovate and collaborate in the underground cybercriminal ecosystem makes tracking and countering APT threats an ongoing challenge for cybersecurity professionals.

Cybersecurity researchers at Symantec’s Threat Hunter Team recently discovered that Budworm APT group has evolved its toolset and is actively targeting the following entities:-

In August 2023, Budworm APT deployed a new variant of its exclusive SysUpdate backdoor (SysUpdate DLL inicore_v2.3.30.dll) in both attacks, which was previously unseen.

Document
FREE Demo

Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware

New Custom Tools Used

Budworm employed custom and publicly available tools in these attacks, primarily focusing on credential harvesting. The group’s activity may have been suspended early in the attack chain.

Budworm employs DLL sideloading through INISafeWebSSO to execute SysUpdate on victim networks, a technique used by the group since 2018 to evade detection.

Besides this, SysUpdate offers several capabilities that we have mentioned below:-

  • List services
  • Start services
  • Stop services
  • Delete services
  • Take screenshots
  • Browse processes
  • Terminate processes
  • Drive information retrieval
  • File management
  • Command execution

Trend Micro reported about Budworm’s Linux SysUpdate with Windows-like capabilities in March 2023, which has been part of Budworm’s developing toolbox since 2020.

Here below, we have mentioned all the tools that the threat actors use:-

  • AdFind
  • Curl
  • SecretsDump
  • PasswordDumper

Budworm is a persistent APT group active since 2013 that targets high-value victims across sectors globally. Their activities include a U.S. state legislature breach in October 2022 using DLL sideloading for HyperBro malware.

In Budworm’s recent campaign, the group targeted an Asian government and a Middle Eastern telecom, as they are consistent with their typical intelligence-gathering focus.

Budworm’s use of known techniques and tools, like SysUpdate and DLL sideloading, signals their confidence despite detection risk. 

The appearance of a new SysUpdate version in August 2023 indicates ongoing toolset development, suggesting their current activity.

IOCs

SHA256 file hashes

  • c501203ff3335fbfc258b2729a72e82638719f60f7e6361fc1ca3c8560365a0e — Legitimate INISafeWebSSO application
  • c4f7ec0c03bcacaaa8864b715eb617d5a86b5b3ca6ee1e69ac766773c4eb00e6 — SysUpdate backdoor
  • 551397b680da0573a85423fbb0bd10dac017f061a73f2b8ebc11084c1b364466 — Password dumper
  • df571c233c3c10462f4d88469bababe4c57c21a52cca80f2b1e1af848a2b4d23 — Hacktool     
  • c3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37 — SecretsDump
  • f157090fd3ccd4220298c06ce8734361b724d80459592b10ac632acc624f455e — AdFind
  • ee9dfcea61282b4c662085418c7ad63a0cbbeb3a057b6c9f794bb32455c3a79e — Curl

Protect yourself from vulnerabilities using Patch Manager Plus to quickly patch over 850 third-party applications. Take advantage of the free trial to ensure 100% security.


[ad_2]
Source link

According to the Spotify CEO, Apple, and Google are monopolistic

0
[ad_1]

Competition is inevitable in all industries, and the Spotify CEO has a thing or two to say about some big players in the industry, namely Apple and Google. When it comes to competition in music streaming, Daniel Ek, the Spotify CEO, says Apple and Google are the referees. But unlike other referees, Apple and Google also play in the game they are the referees of.

This is not good for the competition, as these two firms make rules that cripple the competition. These rules will help build the businesses of the big tech firms, hence strengthening their dominance. To curb this monopoly-ish move, Daniel is calling on lawmakers in the United Kingdom to pass a bill that’ll help the competition grow.

The bill in question is the Digital Markets, Competition, and Consumers Bill (DMCC). At the moment, this bill is passing its development stages but wields the ability to level the playing field for better competition. Spotify’s CEO believes this bill holds the necessary ingredients to end Apple and Google’s monopoly.

Spotify CEO says Apple and Google are monopolistic by playing in the game they’re the referees of

You might be asking what The Digital Markets, Competition, and Consumers Bill (DMCC) is all about. Well, this bill aims to provide regulations for the competition in digital markets and strengthen some competition laws. If it becomes a law, this bill will police certain companies attempting to control a competitive industry for their business gain.

At the moment, this bill is in the report stage at the United Kingdom House of Commons. It still needs to go through the House of Lords before it meets its final stage and then becomes a law. Daniel Ek is urging lawmakers to do everything in their power to pass this bill and bring an end to Apple and Google’s dominance.

Spotify is under serious competition from Apple Music and YouTube Music. The music streaming platform’s CEO argues that both Apple and Google make rules that make competition in this space difficult. These companies control a massive consumer base, giving them the ability to boss the competition.

Just like referees in a game, Apple and Google make the rules for Spotify and the likes to follow. This gives them the upper hand since they can bend these rules to suit their business. The DMCC bill, if passed into law, will set rules for all competing companies to abide by as well as penalties for breaking these set rules.

With this in place, Daniel Ek and Spotify will be able to compete more freely in the music streaming space. Apple and Google, on their part, will get to become regular players like the rest of the competition and not referees. In the coming months, the fate of this bill will become known to the Spotify CEO as well as netizens.


[ad_2]
Source link

How technology is changing the face of modern web design

0
[ad_1]

On the intersection of technological innovation and creativity stands the flexible and dynamic field of web design.

Technology, a powerful impetus for change, has continually redefined the boundaries of design, fostering a playground where art meets functionality, rendering the static pages of the past almost unrecognizable.

Let us embark on a journey, tracing the transformative footprints of technology on the canvas of modern web development.

Do what is great image 839489348

Historical Perspective

Dial the clock back a few decades, and you’d find yourself in a world where web design was a rudimentary craft, confined within the limitations of slow internet speeds and basic HTML frameworks.

Websites were often clunky, with minimalistic layouts and functionalities restricted to displaying basic information.

However, as time progressed, landmark technological advancements ushered in an era where the potential for web design broadened immensely. The advent of CSS allowed for the separation of content and design, granting creatives unparalleled control and versatility over website layouts.

Furthermore, the development of JavaScript brought interactivity to websites, enabling dynamic content that engaged users in new, immersive ways.

Flash technology, though now deprecated, was a pioneer in enabling multimedia content, bringing animated graphics and audio to the fore and providing a rich user experience. These milestones laid the foundation for a paradigm shift in web design, fostering explosive growth and innovation.

Current Trends

In the contemporary landscape, web design is an ever-evolving beast, continually adapting to rapid technological advancements. The proliferation of mobile devices has compelled designers to embrace responsive design, ensuring websites maintain functionality and aesthetic appeal across varying screen sizes.

Moreover, Artificial Intelligence (AI) and machine learning are carving out significant roles in the sphere of web design. These technologies power intelligent chatbots, offering personalized user experiences and facilitating seamless interactions.

The modern toolkit of a web design professional is brimming with sophisticated software and applications that leverage the power of cloud computing, offering collaboration and efficiency like never before. Design systems and frameworks facilitate a modular approach, allowing for consistency and scalability in large projects.

In this vibrant ecosystem, a team of professional web designers and developers can harness the versatility of modern technologies to craft websites that are visually captivating, functionally robust, and user-friendly. They employ a range of tools, from graphic design software to content management systems, optimizing workflow and ensuring the delivery of high-quality products.

Furthermore, the integration of augmented reality (AR) and virtual reality (VR) is adding a new dimension to web experiences. These technologies offer users immersive, interactive experiences where the boundaries between the real and the virtual blur, offering unprecedented opportunities for engagement and conversion.

Navigating the Challenges and Opportunities

As we delve deeper into the modern landscape of web design, we encounter challenges and opportunities that stem from rapid technological advancements. Let’s explore some of the prominent ones and how to navigate them effectively:

Communication and Inclusivity:

– Multilingual content: As websites cater to a global audience, integrating multilingual content becomes essential to connect with users from diverse backgrounds.
– Accessibility: It’s vital to build websites that are accessible to individuals with disabilities, creating an inclusive online environment for all.

Security Measures:

– Data protection: Implementing robust security protocols to protect sensitive data from potential breaches is paramount in building user trust.
– Secure transactions: Ensuring the safety of online transactions is crucial to fostering a reliable and secure digital marketplace.

Optimization and Performance:

– Loading speed: In an online world where every second counts, optimizing websites for fast loading times is crucial to retaining user interest and improving site rankings.
– SEO: Creating websites that are not only aesthetically pleasing but also search engine-optimized ensures better visibility and a broader reach in the digital sphere.

Future-Proofing Your Website:

– Adaptability: Crafting websites capable of adapting to rapid technological advancements ensures longevity and relevance in an ever-evolving landscape.
– User-centric design: Prioritizing user-centric designs focuses on providing excellent user experiences, fostering increased engagement and loyalty.

Facing these challenges head-on and transforming them into opportunities will mark a successful trajectory in the evolving journey of web design.

Web designers and developers must use their expertise to create experiences that resonate with users on various levels, steering the course of web design into innovative and prosperous directions.

Future Prospects

As we stand on the cusp of a new era in web design, the horizons seem limitless. The swift pace of technological advancements hints at a future where websites could potentially harness even more powerful tools to enhance the user experience.

We anticipate a surge in AI and machine learning integration in web design, offering even more personalization and user engagement.

Moreover, the introduction of 5G technology is set to accelerate the loading times of websites, offering users an ultra-fast browsing experience. As connectivity improves, we can expect web designers to leverage richer media and complex functionalities without worrying about load times and bandwidth constraints.

Furthermore, web design may soon transcend screens altogether, with developments in holographic and wearable technology hinting at a future where web content can be interacted with in entirely novel ways.

Web design professionals may soon find themselves crafting experiences not just for screens but for an array of devices that integrate digital content seamlessly into the physical world.

As we navigate these exciting prospects, it becomes imperative for professional web designers and developers to remain at the forefront of technology, constantly adapting and innovating to meet users’ evolving demands and expectations.

Conclusion

As we journey through the vibrant tapestry of web design’s evolution, it is clear that technology has been a vital catalyst, constantly propelling the industry to new heights.

From the humble beginnings of static web pages to the dynamic, immersive experiences of today, the symbiotic relationship between technology and web design continues to foster a realm of infinite possibilities.

We are privileged to witness this transformative era, where the boundaries of creativity and functionality continually expand.

As we look forward to a future brimming with innovation and advancements, it is clear that the face of modern web design is set for further evolution, promising richer, more engaging experiences for users worldwide.

To fully embrace the future of web design, professionals in the field must align themselves with the pulse of technological advancements, fostering a culture of learning and innovation. The journey ahead promises to be exhilarating, offering untapped opportunities for those ready to seize them.


[ad_2]
Source link

Meta could offer EU users a $14/month license to kill ads on Facebook, Instagram

0
[ad_1]

Sick and tired of ads on Facebook and Instagram? Want to “kill” those pesky paid posts? Well, if you’re in the EU, you could do just that – but first, a small fee. Before you reach for your ad-slashing tool, reach for your wallet and pay Meta $14. Enjoy your 30 ad-free social network days and then pay again because we’re not talking about a single-time subscription – we’re talking about $14 per month.Actually, we’re not talking about anything and we’re not giving Mark Zuckerberg any ideas – but someone apparently is. The WSJ has the story.

What Meta is allegedly trying to do, is to steer around EU rules that threaten to restrict Meta’s ability to bombard users with personalized ads without first seeking their consent. Insiders claim that Zuck’s company shared this ad-free subscription plan with privacy regulators in Ireland and digital competition regulators in Brussels in September.

It is called SNA – subscription no ads – and it would give EU users a choice:
  • Continue to access Instagram and Facebook free of charge, but agree to personalized ads;
  • Pay to access the platforms without any ads.

Those who choose to go with the SNA, those familiar with Meta’s proposal say, could be charged a tad over $10/month on desktop on a Facebook or Instagram account (and roughly $6 for each additional linked account). As far as mobile devices go, the prices could be 40% higher. The price could jump to $14/month – that’s because Meta would factor in commissions charged by Apple’s and Google’s app stores on in-app payments.

We didn’t get to see the “Musk vs. Zuck” cage fight, but if both billionaires introduce some more subscriptions on Meta and X – and make the free versions of the platforms unbearable – there’ll be a fight, alright. The only difference is Musk and Zuck won’t be fighting each other, but everybody else at once.


[ad_2]
Source link

APT34 Employs Weaponized Word Documents to Deploy Malware

0
[ad_1]

APT34 is a secretive cyberespionage group specializing in Middle East targets, known for gathering sensitive intelligence via spear phishing and advanced infiltration methods.

The sophistication and comprehensive resources of the APT34 group pose a major regional and global cybersecurity threat. 

They have conducted high-profile cyberattacks in the Middle East against diverse targets:-

  • Government agencies
  • Critical infrastructure
  • Telecommunications
  • Key regional entities

Cybersecurity researchers at Trend Micro recently detected a new APT34-associated malware, which is dubbed Menorah, in an August phishing attack. 

This newly identified malware was delivered via a malicious document and specifically crafted for cyberespionage activities with the following capabilities:-

  • Machine Identification
  • Read files
  • Upload files
  • Download files
  • Download additional malware
Document
FREE Demo

Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware

Infection chain

When a victim opens a malicious document, the infection chain begins, which triggers the creation of a scheduled task that establishes the persistence.

Infection chain
Infection chain (Source – Trend Micro)

While the hidden macros that are present in the document drop a .NET malware named “Menorah.exe” into the following directory:-

  • <%ALLUSERSPROFILE%\Office356> 

Next, it schedules Menorah.exe to run under the name “OneDriveStandaloneUpdater,” with some macros handling string manipulation, decoding, and task creation.

Macros for string transformation
Macros for string transformation (Source – Trend Micro)

APT34: Malicious Word Documents

The.NET malware in the malicious document excels at cyberespionage, with skills like fingerprinting, file manipulation, and remote commands.

The latest SideTwist variant boosts stealth with enhanced traffic hashing and starts with a precise argument check. 

Without the argument, the malware stops running, allowing it to evade detection in analytic environments like sandboxes.

Analysts found the C&C server and a timer at http[:]//tecforsc-001-site1[.]gtempurl.com/ads.asp, used for communication every 32 seconds. The malware fingerprints the machine as {MachineNameUsername}, encoding it to calculate MD5 hash.

The MD5 hash and {MachineNameUsername} format are XORed with a string, encoded in Base64, and sent to the C&C server via an HTTP request as a system fingerprint.

Sending the 'fingerprint' of the victim system
Sending the ‘fingerprint’ of the victim system (Source – Trend Micro)

During analysis, the inactive C&C server was anticipated to return an encrypted message, likely encoded in Base64. 

The decrypted message is split into an array, with each value dictating specific actions by the malware.

The continuous development of APT34 showcases its adaptability. They leverage resources and diverse skills to customize tactics for specific targets, ensuring successful cyber espionage.

IOCs

  • SHA256: 8a8a7a506fd57bde314coe6154f2484f280049f2bda504d43704b9ad412d5d618
  • Trojan.W97M.SIDETWIST.AB (Detections)
  • SHA256: 64156f9ca51951a9bf91b5b74073d31c16873ca60492c25895c1f0f074787345
  • Trojan.MSIL.SIDETWIST.AA (Detections)

URL

  • hxxp://tecforsc-001-site1[.]gtempurl[.]com/ads.asp

Protect yourself from vulnerabilities using Patch Manager Plus to quickly patch over 850 third-party applications. Take advantage of the free trial to ensure 100% security.


[ad_2]
Source link