Hackerzhome

Cybersecurity news all over the world

HACKERZHOME NEWS

Thursday, February 23, 2023

YouTube and Facebook accounts are taken over by the new S1deload Stealer malware.

YouTube and Facebook users are the targets of an ongoing malware campaign that infects their computers with a new information stealer, which hijacks their social media accounts and uses their devices to mine cryptocurrency.


The new malware was discovered by Bitdefender’s Advanced Threat Control (ATC) team and was named S1deload Stealer because of its heavy use of DLL sideloading to evade detection.


Victims are lured into infecting themselves through social engineering: comments on Facebook pages advertise adult-themed archives for download.


If the user downloads one of the linked archives, they instead receive an executable carrying a legitimate Western Digital digital signature together with a malicious DLL (WDSync.dll) that contains the final payload; the signed executable loads the DLL, so the malicious code runs under cover of a trusted binary.


Once installed on a victim’s machine, S1deload Stealer connects to its command-and-control (C2) server, after which its operators can instruct it to carry out any number of operations.


Among these, it can deploy a cryptojacker that mines BEAM cryptocurrency, or a stealer that decrypts and exfiltrates cookies and saved login information from the victim’s browser, including the Login Data SQLite database.


If the malware succeeds in stealing a Facebook account, it also tries to determine the account’s real value by querying the Facebook Graph API: whether the victim administers a Facebook page or group, whether the account purchases ads, and whether it is associated with a business manager account.


Hackers spread malware for Windows and Android using fake ChatGPT apps.

Threat actors are using OpenAI’s ChatGPT chatbot popularity to spread malware for Windows and Android or lead unwitting victims to phishing websites.

Since its November 2022 introduction, ChatGPT has had tremendous growth and, by January 2023, had amassed more than 100 million users, making it the consumer application with the fastest growth rate in modern history.

Because of the tool’s extreme popularity and rapid growth, a $20/month subscription tier (ChatGPT Plus) was introduced for users who want to use the chatbot without availability limits.

Threat actors exploited that demand by promising uninterrupted, free access to premium ChatGPT.

A Facebook page promoting the rogue site used the official ChatGPT logos to mislead viewers into visiting it.

Alvieri also discovered that bogus ChatGPT apps were being advertised on Google Play and other Android app stores in an effort to trick users into installing questionable software.


Attackers Publish More Than 15,000 Spam Packages With Phishing Links in the NPM Repository.

Roughly 15,000 spam packages have flooded the npm registry in an ongoing attack on the open-source ecosystem aimed at spreading phishing URLs.

The technique consists of publishing malicious packages to the registry whose README.md files contain links to phishing campaigns, much like a similar effort that a software supply chain security company uncovered in December 2022.

The bogus modules carried names such as “free-TikTok-followers,” “free-xbox-codes,” and “Instagram-followers-free,” posing as cheats and free resources.

The operation’s main goal is to get users to download the files and click through to phishing websites on the false promise of more social media followers.

Those websites urge visitors to complete surveys, which lead to further surveys or, alternatively, redirect them to legitimate e-commerce platforms such as AliExpress.

Between February 20 and 21, 2023, the packages are believed to have been uploaded to npm from several user accounts within a matter of hours, using a Python script that automates the entire procedure.
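As an added defender-side example (not code from the report, from npm, or from any vendor), the following JavaScript triage heuristic flags packages that fit the pattern described above: lure-style names like the ones quoted, READMEs whose links point outside the usual hosts, and “claim your free followers” wording. The sample packages and the `.invalid` URLs are constructed for the example.

```javascript
// Heuristic triage for npm packages of the README-phishing kind described
// above. Constructed sample data; thresholds are assumptions, not npm policy.

const NAME_LURES = /\b(free|hack|generator|unlimited)\b/i;
const SOCIAL_LURES = /\b(followers|likes|codes|coins|gems|robux|subscribers|giveaway)\b/i;
const CLAIM_WORDS = /\b(click|claim|get|survey)\b/i;
// Hosts a README is normally expected to link to; anything else counts as external.
const KNOWN_HOSTS = new Set(['github.com', 'www.npmjs.com', 'npmjs.com']);

// Pull every http(s) URL out of README text (bare links and markdown targets).
function extractLinks(readme) {
  const urls = readme.match(/https?:\/\/[^\s)\]>"']+/g) || [];
  return urls.map((u) => new URL(u));
}

// Returns the flags raised for one package; "suspicious" needs two or more.
function triagePackage(pkg) {
  const flags = [];
  if (NAME_LURES.test(pkg.name) && SOCIAL_LURES.test(pkg.name)) {
    flags.push('name-is-social-media-lure');
  }
  const external = extractLinks(pkg.readme).filter((u) => !KNOWN_HOSTS.has(u.hostname));
  if (external.length > 0) flags.push('readme-links-external-host');
  if (SOCIAL_LURES.test(pkg.readme) && CLAIM_WORDS.test(pkg.readme)) {
    flags.push('readme-has-claim-lure');
  }
  return { name: pkg.name, flags, externalHosts: external.map((u) => u.hostname),
           suspicious: flags.length >= 2 };
}

function suspiciousNames(packages) {
  return packages.map(triagePackage).filter((r) => r.suspicious).map((r) => r.name);
}

// Constructed sample packages: two modelled on the names quoted in the report,
// one ordinary library with a GitHub link.
const SAMPLE_PACKAGES = [
  { name: 'free-xbox-codes',
    readme: '# Free Xbox codes\nClick here to claim: https://claim-codes.invalid/survey' },
  { name: 'instagram-followers-free',
    readme: 'Get free followers now! [claim](https://followers-now.invalid/go)' },
  { name: 'tiny-json-parse',
    readme: '# tiny-json-parse\nSource: https://github.com/example/tiny-json-parse' },
];

console.log(suspiciousNames(SAMPLE_PACKAGES));
```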

VMware alerts administrators to a critical Carbon Black App Control bug.

VMware has fixed a severe injection vulnerability affecting several versions of Carbon Black App Control for Windows in a critical security update.

The company warns that an attacker could use the flaw, rated 9.1 out of 10 in severity, to gain access to the underlying operating system.

Large enterprises use the Carbon Black App Control suite to ensure that only trusted, vetted software runs on their critical endpoints.

The problem was identified by security researcher Jari Jääskelä and is tracked as CVE-2023-20858.

It could allow a threat actor with access to the App Control administration console to gain control of the underlying operating system by supplying specially crafted input.

Administrators are urged by VMware to “update as quickly as feasible” to a secure version of the software.

CVE-2023-20858 affects VMware Carbon Black App Control for Windows versions 8.7.7 and earlier, 8.8.5 and earlier, and 8.9.3 and earlier. Administrators are advised to update to versions 8.7.8, 8.8.6, or 8.9.4 or later.
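For fleet triage, the affected and fixed versions above translate into a small check. This is an added example written for this page, not VMware’s code; it assumes the three-part `major.minor.patch` version strings quoted in the advisory summary and treats any release line the summary does not mention as “not listed” rather than guessing.

```javascript
// Decide whether an installed Carbon Black App Control for Windows version is
// affected by CVE-2023-20858, using only the versions quoted in the summary above.
// Added example; assumes plain major.minor.patch version strings.

// Release line, last affected patch, and first fixed patch, from the advisory summary.
const CVE_2023_20858_LINES = [
  { line: '8.7', lastAffected: '8.7.7', fixed: '8.7.8' },
  { line: '8.8', lastAffected: '8.8.5', fixed: '8.8.6' },
  { line: '8.9', lastAffected: '8.9.3', fixed: '8.9.4' },
];

function parseVersion(v) {
  const parts = v.trim().split('.').map(Number);
  if (parts.length < 3 || parts.some(Number.isNaN)) throw new Error(`bad version: ${v}`);
  return parts;
}

// Element-wise numeric comparison: -1, 0 or 1 (so "8.10.0" sorts after "8.9.4").
function compareVersions(a, b) {
  const [pa, pb] = [parseVersion(a), parseVersion(b)];
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

function assessCve202320858(installed) {
  const [major, minor] = parseVersion(installed);
  // "8.7.7 and earlier" covers older lines too (e.g. 8.6.x), which map to the
  // 8.7 entry; lines newer than 8.9 are outside the summary and reported as such.
  const entry = CVE_2023_20858_LINES.find((e) => e.line === `${major}.${minor}`)
    || (compareVersions(installed, '8.7.8') < 0 ? CVE_2023_20858_LINES[0] : null);
  if (!entry) return { installed, status: 'not-listed', recommended: null };
  const affected = compareVersions(installed, entry.lastAffected) <= 0;
  return { installed, status: affected ? 'affected' : 'fixed',
           recommended: affected ? entry.fixed : null };
}

// Constructed inventory of installed versions.
for (const v of ['8.7.7', '8.8.6', '8.9.3', '8.6.2', '8.10.0']) {
  console.log(assessCve202320858(v));
}
```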

Clasiopa hackers conduct focused attacks using the new Atharvan malware.

Security researchers have identified a hacking group that uses a custom toolkit, including a tailored remote access trojan (RAT) named Atharvan, to target businesses in the materials research sector.

Symantec, part of Broadcom, tracks the threat actor as Clasiopa after its analysts found a clue pointing to an Indian threat actor; there is little evidence to support any theory, however, so attribution remains unknown.

Although there is no convincing evidence of a specific initial infection vector, Symantec’s researchers believe Clasiopa uses brute force to gain access to public-facing servers.

According to Symantec, the attackers carry out a number of post-compromise activities: checking the compromised system’s IP address; stopping the services of endpoint protection products to disable them; using malware to search for specific files and exfiltrate them as ZIP archives; creating a scheduled task (named “network service”) to list file names; and erasing Sysmon logs and events to remove traces of malicious activity.
