HACKERZHOME NEWS

April 19, 2023

Wednesday

YouTube Videos that Use a Highly Evasive Loader to Distribute Aurora Stealer Malware

The inner workings of the very evasive loader known as “in2al5d p3in4er” (read: invalid printer), which is used to distribute the Aurora stealer malware, have been described by cybersecurity researchers.


According to a study published with The Hacker News by cybersecurity company Morphisec, the in2al5d p3in4er loader is created with Embarcadero RAD Studio and targets endpoint workstations utilizing advanced anti-VM (virtual machine) methods.


The Go-based information stealer Aurora first appeared on the threat scene in late 2022. It is sold as commodity malware to other attackers and is distributed through YouTube videos and SEO-optimized websites that offer fake cracked-software downloads.


When a victim clicks on a link in a YouTube video description, they are taken to a fake website where they are persuaded to download malware posing as a useful tool.


Another key trait of the loader is its use of Embarcadero RAD Studio, which produces executables for multiple platforms and helps it evade detection.


In short, the research shows that the threat actors behind in2al5d p3in4er are relying on social engineering for a high-impact campaign that uses YouTube as a malware distribution channel and sends users to convincing-looking bogus websites to spread the stealer.

Some people are unable to view search results due to a Google Search outage.

There is now a partial outage affecting Google Search, which stops certain users from getting search results.

The outage began around 8:50 PM ET, and thousands of users had already reported problems, according to DownDetector.

If you try to search on Google while it is down, the results page shows only search cards such as People also Ask, relevant Tweets, Videos, and related searches.

Why some people are impacted while others are not is unknown. But in our experiments at BleepingComputer, we were successful in getting search results to show up after signing out of Google.

Update 9:30 PM ET: For the majority of users, the outage seems to be fixed. However, some people are still reporting problems with Google Search.

Over 100 million Google Play Store downloads Contain the Goldoson Android Malware

More than 60 legitimate apps with a combined download count of more than 100 million have been found to contain a new Android malware strain, Goldoson.

The leading independent app marketplace in South Korea, ONE store, has monitored an additional eight million installations.

The malicious component, part of a third-party software library used by the apps in question, can collect data on installed apps, Wi-Fi- and Bluetooth-connected devices, and GPS locations.

It can also covertly load web pages, a capability that could be abused to load advertisements for revenue. It does this by loading HTML code in a hidden WebView and directing traffic to the URLs.

After being reported to Google, 36 of the 63 offending apps have been removed from the Google Play Store, and the malicious library has been removed from the remaining 27.

Government hackers are deploying custom malware on Cisco routers, US and UK warn.

The US, UK, and Cisco have issued a warning that the Russian state-sponsored group APT28 is using custom malware called “Jaguar Tooth” to infect Cisco IOS routers and gain unauthorized access.

APT28, also tracked as Fancy Bear, STRONTIUM, Sednit, and Sofacy, is a state-sponsored hacking group attributed to the Russian General Staff Main Intelligence Directorate (GRU). The group is notorious for using zero-day exploits to conduct cyber espionage and has been linked to numerous attacks on US and European targets.

The NSA, FBI, the UK's National Cyber Security Centre (NCSC), and the US Cybersecurity and Infrastructure Security Agency (CISA) today published a joint report describing how APT28 has exploited an old SNMP vulnerability in Cisco IOS routers to deploy the custom malware dubbed “Jaguar Tooth.”

Jaguar Tooth is injected directly into the memory of Cisco routers running outdated firmware. Once active, it gives unauthenticated backdoor access to the router and exfiltrates data from it.

Patch now: a new sandbox escape PoC exploit for the VM2 library has been released.

A security researcher has published another sandbox escape proof-of-concept (PoC) exploit that allows execution of malicious code on a host running the VM2 sandbox.

VM2, a specialized JavaScript sandbox, is used by a wide range of software tools to run and test untrusted code in an isolated environment without giving it access to host system resources or external data.

The library is frequently used in code editors, security tools, integrated development environments (IDEs), and numerous pen-testing frameworks, and it is downloaded from the NPM package repository millions of times each month.

Seongil Wi found the first sandbox escape vulnerability, tracked as CVE-2023-29017, two weeks ago, while SeungHyun Lee found the two most recent ones (CVE-2023-29199 and CVE-2023-30547).

In October 2022, Oxeye researchers found yet another sandbox escape, tracked as CVE-2022-36067.

The latest bug, CVE-2023-30547 (CVSS score: 9.8, critical), is an exception sanitization flaw that lets an attacker raise an unsanitized host exception inside “handleException()”.
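To act on the "patch now" advice, the following added example (not code from the news item or the vm2 project) audits an npm package-lock.json for vm2 copies older than a minimum patched version, which you supply from the vm2 release notes; the sample lockfile, its version numbers and the package name some-sandbox-tool are constructed.

```javascript
// Added example (not from the news item or the vm2 project): walk an npm
// package-lock.json and list every vm2 copy older than a given patched version.

// "v3.9.11-beta+1" -> [3, 9, 11]; missing parts count as 0.
function parseVersion(v) {
  const core = String(v).replace(/^v/, "").split(/[-+]/)[0];
  return core.split(".").map((n) => parseInt(n, 10) || 0);
}

// Numeric major.minor.patch comparison: -1, 0 or 1.
function compareVersions(a, b) {
  const [pa, pb] = [parseVersion(a), parseVersion(b)];
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) < (pb[i] || 0) ? -1 : 1;
  }
  return 0;
}

// Returns [{ path, version }] for each vm2 below minFixed. Nested copies
// bundled by other tools count too: they are exposed even if vm2 is not direct.
function findVulnerableVm2(lock, minFixed) {
  const hits = [];
  const check = (p, e) => {
    if (compareVersions(e.version, minFixed) < 0) hits.push({ path: p, version: e.version });
  };
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path.
    for (const [p, e] of Object.entries(lock.packages)) {
      if (p === "node_modules/vm2" || p.endsWith("/node_modules/vm2")) check(p, e);
    }
  } else {
    // lockfileVersion 1: nested "dependencies" tree.
    const walk = (deps, prefix) => {
      for (const [name, e] of Object.entries(deps || {})) {
        const p = `${prefix}node_modules/${name}`;
        if (name === "vm2") check(p, e);
        walk(e.dependencies, `${p}/`);
      }
    };
    walk(lock.dependencies, "");
  }
  return hits;
}

// Constructed sample lockfile (not a real project): a direct vm2 and one
// bundled by a hypothetical "some-sandbox-tool". Versions are made up.
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  "node_modules/vm2": { version: "3.9.11" },
  "node_modules/some-sandbox-tool/node_modules/vm2": { version: "3.9.20" },
} };
```

Run it against a real lockfile with `findVulnerableVm2(JSON.parse(fs.readFileSync("package-lock.json", "utf8")), minFixed)`, then upgrade every path it reports, including copies nested under other tools.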
