"GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining" published by Avast. #Kimsuky, #PuTTY, #GuptiMiner, #eScan, #CTI, #OSINT, #LAZARUS https://decoded.avast.io/janrubin/guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining/
GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining - Avast Threat Labs

Avast discovered and analyzed GuptiMiner, a malware campaign hijacking an eScan antivirus update mechanism to distribute backdoors and coinminers.

Avast Threat Labs

This one was tricky. Dive into #GuptiMiner, our newest analysis by my colleague Milánek and me. Two types of backdoors, XMRigs, MitM over antivirus updates, shellcodes in PNGs, DNS trickery, certificates trickery, deployment before system shutdown, you name it:

https://decoded.avast.io/janrubin/guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining/

#malware #analysis #backdoor #cryptomining
