How do you protect yourself from #Schadsoftware? By not visiting illegal #Torrent sites. Supposedly free fake #eBooks are currently circulating that are nothing more than a #Trojaner out to empty your #Crypto #Wallet:

"#ViperSoftX Malware Disguises as eBooks on Torrents to Spread Stealthy Attacks"

https://thehackernews.com/2024/07/vipersoftx-malware-disguises-as-ebooks.html

ViperSoftX Malware Disguises as eBooks on Torrents to Spread Stealthy Attacks

ViperSoftX malware evolves, using eBook torrents and CLR integration to evade detection. Learn about its new tactics and how it threatens.

The Hacker News

#ViperSoftX #malware evolves, using eBook torrents and CLR integration to evade detection.

Learn about its new distribution methods and security implications.

https://thehackernews.com/2024/07/vipersoftx-malware-disguises-as-ebooks.html

#cybersecurity #infosec


ViperSoftX: Malware spreads through e-books via torrents

The data-stealing malware ViperSoftX currently uses torrents as its main distribution channel. It is currently hiding inside e-books.

Tarnkappe.info

ViperSoftX Malware Disguises as eBooks on Torrents to Spread Stealthy Attacks
https://thehackernews.com/2024/07/vipersoftx-malware-disguises-as-ebooks.html #Cybercrime #Malware #ViperSoftX

Happy Wednesday everyone!

This is the second #readoftheday this week that involves eBooks being used as the lure for victims and in this case Trellix reveals that this eBook delivers a malware known as #ViperSoftX.

Once the victim downloads the archive file, they are presented with an eBook cover page, a hidden folder, shortcut file and three JPGs. These files are not what they seem, as you all may have guessed. One is an AutoIT script, one the AutoIT executable, and the last a PowerShell script. The shortcut file leads to the execution of the PowerShell code that unhides the hidden folder, checks the disk size of all drives, moves the AutoIT files to the AppData\Microsoft\Windows directory and deletes the LNK files in the current directory.

A notable MITRE ATT&CK TTP here is the use of PowerShell encoded commands or T1027.013 - Obfuscated Files or Information: Encrypted/Encoded File. This is a common technique that adversaries use to hide the true nature of the commands or communication with their C2 server.

As always, I am leaving you hanging and will be back for the Threat Hunting Tip of the day! While you are waiting patiently, go read the rest of the article, it has tons of details I left out! Enjoy and Happy Hunting!

The Mechanics of ViperSoftX: Exploiting AutoIt and CLR for Stealthy PowerShell Execution
https://www.trellix.com/blogs/research/the-mechanics-of-vipersofts-exploiting-autoit-and-clr-for-stealthy-powershell-execution/

Intel 471 #CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #Intel471

The Mechanics of ViperSoftX: Exploiting AutoIt and CLR for Stealthy PowerShell Execution

ViperSoftX uses CLR to embed and execute PowerShell commands within AutoIt, seamlessly integrating malicious functions while evading detection with an AMSI bypass.

ViperSoftX malware targets KeePass and 1Password

Alongside 17 different crypto wallets, the ViperSoftX malware's menu now also includes data from KeePass and 1Password.

Tarnkappe.info

Another week, another newsletter - catch up on the week's infosec news here:

https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-240423-300423

Researchers have found that nearly two years on, 2 in 3 installs of #Apache #Superset are still using default Flask Secret Keys - a configuration flaw which would allow an attacker to forge session cookies and access said servers with full administrative privileges.

#Kritec is a commodity #skimmer found installed on compromised #Magecart sites, with its code heavily obfuscated and customised to match the site's aesthetic in order to con users out of credit card details.

#FIN7 look to be popping instances of the #Veeam backup software that are unpatched for a recent vulnerability; a revised #ViperSoftX #infostealer now targets #1password and #keepass password vaults, and #TA505 deliver a new infostealer through a #GoogleAds campaign.

#LockBit & #CL0P ransomware affiliates have been abusing a month-old vulnerability in the #PaperCut print management software to drop ransomware. With the cat out of the bag, security researchers have decided now is a great time to drop a PoC exploit on Github - I mean, why not let the skiddies get in on the action too, right?

The #blueteam have some great research worth reading on #Smishing via #AWS; detections for #SliverC2 and different implementations of #PsExec, as well as #Sigma integration for #SentinelOne and a #KQL hack for monitoring LOLDrivers.

Have a great week ahead folks, I hope this newsletter proves helpful!

https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-240423-300423

#infosec #cyber #news #newsletter #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #affiliate #dfir #soc #threatintel #threatintelligence #threathunting #detection #threatdetection #detectionengineering #flask #python #fraud #malvertising #clop #PoC #exploit #securityresearch #LOLBAS #LOLBIN #BYOVD

SOC Goulash: Weekend Wrap-Up

Papercut exploited en masse by CL0P, LockBit ransomware, PoC exploit leaked publicly. 2 in 3 Apache Superset installs vulnerable to compromise, and much more!

Opalsec

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

A new variant of the information-stealing malware ViperSoftX implements sophisticated techniques to avoid detection. Trend Micro researchers observed a new ViperSoftX malware campaign that unlike previous attacks relies on DLL sideloading for its arrival and execution technique. The variant employed in the campaign supports a more sophisticated encryption method of byte remapping and a monthly […]

Security Affairs