Haythem Elmir

MADRID—As the investigation continues into the backdoor planted inside CCleaner, two members of parent company Avast’s threat intelligence team said today the desktop and cloud versions of the popular software contained different payloads.

The revelation was made during a talk at Virus Bulletin 2017 in which Jakub Kroustek and Jiri Bracek shared technical details on the attack, primarily about the command and control infrastructure used for communication, offered some insight into the targets, and hinted that there may be other stages of this attack that have yet to be uncovered.

Kroustek and Bracek said there are likely more than the three stages of this attack that have been discussed so far; each stage to date has been a downloader that grabs the next phase of the operation. The IP addresses housing these stages are hidden: either encrypted with custom cryptographic algorithms, or tucked away on phishing sites or purpose-built GitHub or WordPress pages that the malware scans in order to piece together clues to the IP address holding the next stage.

To read the original article:

