
News from our Cybersecurity Expert Center

We bring you the latest cybersecurity news and alerts.

Connect with us by info@netstudio.it

Outstanding cybersecurity news

Vulnerabilities

  • Severe vulnerability detected in Measuresoft ScadaPro Server (CVE-2022-3263) that would allow execution of malicious commands (source: cisa.gov)
  • Memory corruption vulnerability in the uClibC library (CVE-2022-29503) affects Unix-based devices (source: blog.talosintelligence.com)

Malware

  • Malicious OAuth applications used to compromise email servers and spread spam (source: microsoft.com)
  • Malicious NPM package discovered masquerading as the legitimate Material Tailwind software library (source: thehackernews.com)

Cybersecurity

  • Australian security company Optus claims to have suffered a breach affecting customer data (source: securityweek.com)
  • DESORDEN group leaks more Indonesian company data (source: databreaches.net)

Latest threats detected

New widespread campaign of Chromeloader malware

20/9/2022

Executive summary

VMware and Microsoft have issued security advisories due to a new wave of attacks by the Chromeloader malware.

Data

Type: Malware
TLP: White
Targets: Chrome Browsers
Affected assets: Multiple
Attack vector: Malware
Tags: ChromeLoader, Malware

Description

A new widespread campaign of the Chromeloader malware has been detected. During the first quarter of the year, attacks related to this malware increased significantly.

In these campaigns the malware infects Chrome with a malicious extension that redirects user traffic to scam and advertising sites, monetised per click. After that period the malware evolved into an infostealer, stealing data stored in browsers while retaining its adware functions.


Technical details

During the last week a new large-scale click fraud campaign has been identified and attributed to a threat actor named DEV-0796, which uses Chromeloader among its artefacts.

This campaign starts with ISO files that are delivered via malicious advertisements, browser redirects and YouTube video comments. Once the ISO file is mounted on the system, four files are visible:

  • a compressed ZIP file containing the malware in question;
  • an icon (ICO) file;
  • a .bat file (in most campaigns named resources.bat) that is responsible for installing the malware;
  • a Windows shortcut that starts the .bat file.

Some of the campaigns mimic popular applications, such as the FLB music player or OpenSubtitle for film and TV show subtitles.

Chromeloader has also been seen shipping "ZipBomb" files that, once executed, destroy the user's system by overloading it with data, as well as distributing Enigma ransomware in HTML files.
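The four-file ISO layout above is a usable triage signal for an analyst or a mount-time script. The following is an added example, not code from this advisory or from Indra/SIA: given the file names visible on a mounted image, it flags the combination of a ZIP archive, an icon, a .bat installer and a Windows shortcut, and treats the resources.bat name the advisory mentions as a stronger signal. The role grouping, the file-count threshold and both sample listings are this example's own assumptions.

```python
# Added example (not from the advisory): triage heuristic for the dropper
# layout described above. Given the file names visible on a mounted ISO, it
# flags the combination of a ZIP archive, an icon, a .bat installer and a
# Windows shortcut, and notes the "resources.bat" name the advisory mentions.
from pathlib import PurePath
from typing import Dict, Iterable, List

# Roles and extensions are our own grouping of what the advisory describes.
ROLE_EXTENSIONS: Dict[str, set] = {
    "archive": {".zip"},
    "icon": {".ico"},
    "batch_installer": {".bat", ".cmd"},
    "shortcut": {".lnk"},
}
# Named on the page; treated as an extra point of confidence, not a requirement.
KNOWN_INSTALLER_NAMES = {"resources.bat"}


def classify_files(names: Iterable[str]) -> Dict[str, List[str]]:
    """Map each role to the file names on the image that fill it."""
    found: Dict[str, List[str]] = {role: [] for role in ROLE_EXTENSIONS}
    for name in names:
        ext = PurePath(name).suffix.lower()
        for role, exts in ROLE_EXTENSIONS.items():
            if ext in exts:
                found[role].append(name)
    return found


def triage_iso_listing(names: Iterable[str], max_files: int = 6) -> dict:
    """Return a verdict: match flag, score, file count and readable reasons.

    All four roles present in a small listing is the pattern from the advisory.
    A missing role or a large listing lowers the score instead of erroring out.
    """
    names = list(names)
    found = classify_files(names)
    reasons: List[str] = []
    score = 0
    for role, files in found.items():
        if files:
            score += 1
            reasons.append(f"{role}: {', '.join(files)}")
    lowered = {PurePath(n).name.lower() for n in names}
    if lowered & KNOWN_INSTALLER_NAMES:
        score += 1
        reasons.append("installer name matches resources.bat")
    small = len(names) <= max_files  # assumption: droppers carry only a handful of files
    if not small:
        reasons.append(f"{len(names)} files on image (expected a handful)")
    match = all(found.values()) and small
    return {"match": match, "score": score, "file_count": len(names), "reasons": reasons}


# Constructed sample listings for the example (not real samples).
SUSPECT_LISTING = ["Setup.zip", "app.ico", "resources.bat", "Install FLB Music.lnk"]
BENIGN_LISTING = ["autorun.inf", "setup.exe", "README.txt", "docs/manual.pdf"]

if __name__ == "__main__":
    for label, listing in (("suspect", SUSPECT_LISTING), ("benign", BENIGN_LISTING)):
        verdict = triage_iso_listing(listing)
        print(label, verdict["match"], verdict["score"], "; ".join(verdict["reasons"]))
```

The verdict is deliberately a score plus reasons rather than a bare boolean, so a SOC rule can alert on a full match and merely log partial ones (for example a ZIP and a shortcut with no batch file), which keeps the heuristic useful as campaigns change one component at a time.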

Recommendations

Protection

  • Enable the display of file extensions to prevent the execution of malicious code disguised as legitimate, non-executable files.
  • Disable macros in Microsoft Office documents and other similar applications.
  • Do not trust any mail from unknown senders.
  • Do not access links or download attachments from suspicious emails.
  • Do not reply to such e-mails, or call the telephone numbers they may include.
  • Change the default program for files with .js, .vbs, .vbe, .hta, .wsf, .wsc... extensions to prevent them from being executed directly by double clicking.
  • Use filters or anti-spam functions in e-mail.
  • Use analysis tools (Antivirus, IDS...) that detect suspicious behaviour.
  • Have a correct segregation in the network architecture.
  • Have an updated inventory of all assets.
  • Carry out continuous security audits on systems to detect vulnerabilities.
  • Keep Windows up to date.
  • Practice online cyber vigilance and maintain healthy internet habits.

 

Detection

  • Analyse the headers of e-mails to determine the origin and legitimacy of the e-mails.
  • Analyse emails with the same subject and different recipients.
  • Analyse and collect all significant events from detection systems (Antivirus, IDS...).
  • Check the entries in the hosts file (Windows: C:\Windows\System32\drivers\etc\hosts; Linux: /etc/hosts).
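The hosts-file check in the list above is easy to automate. What follows is an added example, not code from this advisory or from Indra/SIA: it parses hosts-file text, skips the loopback and 0.0.0.0 mappings a clean file normally contains, and reports every other entry, raising the severity when a name on a watch list (a constructed example list here) has been pointed at another address. The sample hosts content and the watched domain are constructed for the example and use RFC 5737 documentation addresses.

```python
# Added example (not from the advisory): review a hosts file for entries that
# redirect names away from loopback. Loopback and 0.0.0.0 mappings are normal
# (localhost, ad-blocking lists); anything else is reported, and mappings for
# domains on a watch list (constructed here) are reported as high severity.
import ipaddress
from typing import Iterable, List, Optional, Tuple

# (line number, parsed address or None if malformed, raw address field, hostnames)
Entry = Tuple[int, Optional[object], str, List[str]]


def parse_hosts(text: str) -> List[Entry]:
    """Parse hosts-file text; comments and blank lines are skipped."""
    entries: List[Entry] = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None  # malformed address field, still worth reporting
        entries.append((lineno, addr, fields[0], fields[1:]))
    return entries


def _on_watch_list(hostname: str, watched: Iterable[str]) -> bool:
    host = hostname.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in watched)


def review_hosts(text: str, watched_domains: Iterable[str] = ()) -> List[dict]:
    """Return a finding for every entry that is not a loopback or sinkhole mapping."""
    watched = [d.lower() for d in watched_domains]
    findings: List[dict] = []
    for lineno, addr, raw_addr, names in parse_hosts(text):
        if addr is None:
            findings.append({"line": lineno, "severity": "warn", "address": raw_addr,
                             "names": names, "reason": "unparseable address"})
            continue
        if addr.is_loopback or addr.is_unspecified:
            continue  # 127.0.0.0/8, ::1 and 0.0.0.0 are expected in a clean hosts file
        hits = [n for n in names if _on_watch_list(n, watched)]
        reason = ("watched domain redirected: " + ", ".join(hits)) if hits else "non-loopback mapping"
        findings.append({"line": lineno, "severity": "high" if hits else "info",
                         "address": raw_addr, "names": names, "reason": reason})
    return findings


# Constructed sample (not a real hosts file); addresses are RFC 5737 documentation ranges.
HOSTS_SAMPLE = """\
# constructed sample hosts file
127.0.0.1     localhost
::1           localhost
0.0.0.0       ads.example
203.0.113.10  update.example-av.test   # vendor update host pointed elsewhere
198.51.100.7  intranet.corp.test
"""
# Constructed watch list: domains whose redirection would be a strong sign of tampering.
WATCHED_DOMAINS = ("example-av.test",)

if __name__ == "__main__":
    for f in review_hosts(HOSTS_SAMPLE, WATCHED_DOMAINS):
        print(f"line {f['line']}: {f['severity']:<4} {f['address']} -> "
              f"{' '.join(f['names'])} ({f['reason']})")
```

In practice the watch list would hold the update and telemetry domains of the security tools deployed in the estate, so that an entry redirecting them shows up as high severity while a legitimate intranet override is only logged for review.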

 

Mitigation

  • Proceed to isolate infected computers to prevent the spread of malware in the network.
  • Proceed to remove all malware samples and their persistence points.
  • Run and update your antivirus regularly.


SIA, an Indra Group company, is the Indra Group's specialized cybersecurity company. It offers technologically advanced solutions and innovative services, taking the concept of cybersecurity one step further.

sia.es

Indra is one of the leading global technology and consulting companies: the technology partner for key operations of client businesses worldwide.

indracompany.com
