Hacker Public Radio

HPR3714: The News with Some Guy On the Internet


Threat Analysis: your attack surface.

The Hacker News
New Chinese Malware Attack Framework Targets Windows, macOS, and Linux Systems.
A previously undocumented command-and-control (C2) framework dubbed Alchimist is likely being used in the wild to target Windows, macOS, and Linux systems.

"Alchimist C2 has a web interface written in Simplified Chinese and can generate a configured payload, establish remote sessions, deploy payloads to the remote machines, capture screenshots, perform remote shellcode execution, and run arbitrary commands," Cisco Talos said in a report shared with The Hacker News. Written in GoLang, Alchimist is complemented by a beacon implant called Insekt, which comes with remote access features that can be instrumented by the C2 server.

"Since Alchimist is a single-file based ready-to-go C2 framework, it is difficult to attribute its use to a single actor such as the authors, APTs, or crimeware syndicates."

The trojan, for its part, is equipped with features typically present in backdoors of this kind, enabling the malware to get system information, capture screenshots, run arbitrary commands, and download remote files, among others.

The Alchimist C2 panel further features the ability to generate first-stage payloads, including PowerShell and wget code snippets for Windows and Linux, potentially allowing an attacker to flesh out their infection chains to distribute the Insekt RAT binary. The instructions could then be embedded in a maldoc attached to a phishing email that, when opened, downloads and launches the backdoor on the compromised machine. What's more, the Linux version of Insekt is capable of listing the contents of the ".ssh" directory and even adding new SSH keys to the "~/.ssh/authorized_keys" file to facilitate remote access over SSH.
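The authorized_keys persistence mentioned above is one of the easier implant behaviours to check for on a Linux host, because the file has a simple line format and every key in it can be reduced to a fingerprint that defenders can allowlist. The script below is an added example written for this summary; it is not code from the HPR episode, from The Hacker News, or from the Cisco Talos report. It assumes a defender-maintained set of known key fingerprints (the ALLOWLIST set), uses the OpenSSH fingerprint convention (SHA256 of the raw key blob, base64 without padding, the same value ssh-keygen -lf prints), and every key blob and authorized_keys line in it is constructed sample data, not a real key.

```python
"""Audit an OpenSSH authorized_keys file against an allowlist of known key fingerprints.

Added example for the Alchimist/Insekt item above (not the episode's or Talos's code).
All key material below is constructed and is NOT a real SSH key.
"""
import base64
import hashlib
import struct

# Token prefixes that mark the key-type field of an authorized_keys line.
KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")


def fingerprint(blob: bytes) -> str:
    """OpenSSH-style fingerprint: SHA256 over the raw key blob, base64 with padding stripped."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def wire_type(blob: bytes) -> str:
    """Return the key type OpenSSH encodes as the first length-prefixed string of the blob."""
    if len(blob) < 4:
        raise ValueError("blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if len(blob) < 4 + n:
        raise ValueError("truncated key blob")
    return blob[4:4 + n].decode("ascii")


def parse_authorized_keys(text: str) -> list:
    """Parse each key line into a dict; blank lines and comments are skipped.

    Options such as command="..." may precede the key type, so the key type is located
    by prefix rather than by position. Malformed lines produce an entry with an 'error' key.
    """
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = line.split()
        idx = next((i for i, t in enumerate(tokens) if t.startswith(KEY_TYPE_PREFIXES)), None)
        if idx is None or idx + 1 >= len(tokens):
            entries.append({"line": lineno, "error": "no key type and blob found"})
            continue
        key_type = tokens[idx]
        try:
            # validate=True makes non-base64 input raise binascii.Error (a ValueError subclass).
            blob = base64.b64decode(tokens[idx + 1], validate=True)
            declared = wire_type(blob)
        except ValueError as exc:
            entries.append({"line": lineno, "error": f"undecodable key blob: {exc}"})
            continue
        entries.append({
            "line": lineno,
            "options": " ".join(tokens[:idx]),
            "type": key_type,
            "fingerprint": fingerprint(blob),
            # A type field that disagrees with the blob's own type is a sign of tampering.
            "type_mismatch": declared != key_type,
            "comment": " ".join(tokens[idx + 2:]),
        })
    return entries


def audit(text: str, allowed_fingerprints) -> list:
    """Return (kind, entry) findings: malformed lines, keys not on the allowlist, type mismatches."""
    findings = []
    for entry in parse_authorized_keys(text):
        if "error" in entry:
            findings.append(("malformed", entry))
        elif entry["fingerprint"] not in allowed_fingerprints:
            findings.append(("unexpected_key", entry))
        elif entry["type_mismatch"]:
            findings.append(("type_mismatch", entry))
    return findings


def _fake_ed25519_blob(seed: int) -> bytes:
    """Constructed blob in OpenSSH wire layout (string type + 32-byte field); not a real key."""
    point = bytes((seed + i) % 256 for i in range(32))
    return struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + point


# Constructed sample data: one known admin key and one key nobody on the team recognises.
ADMIN_BLOB = _fake_ed25519_blob(1)
ROGUE_BLOB = _fake_ed25519_blob(200)
ALLOWLIST = {fingerprint(ADMIN_BLOB)}
SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# constructed sample authorized_keys",
    f"ssh-ed25519 {base64.b64encode(ADMIN_BLOB).decode()} admin@workstation",
    f'command="/usr/bin/backup" ssh-ed25519 {base64.b64encode(ROGUE_BLOB).decode()} unknown',
    f"ssh-rsa {base64.b64encode(ADMIN_BLOB).decode()} mislabelled-type",
    "ssh-rsa not-base64!!! broken-line",
])

if __name__ == "__main__":
    for kind, entry in audit(SAMPLE_AUTHORIZED_KEYS, ALLOWLIST):
        print(f"line {entry['line']}: {kind} {entry.get('fingerprint', entry.get('error'))}")
```

In practice the allowlist comes from a configuration-management source of truth and the script runs against every user's ~/.ssh/authorized_keys (and any AuthorizedKeysFile paths from sshd_config); pairing it with file-integrity monitoring on those paths catches the addition at write time rather than at the next scan.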
The Hacker News
Hackers Using Vishing to Trick Victims into Installing Android Banking Malware.

Malicious actors are resorting to voice phishing (vishing) tactics to dupe victims into installing Android malware on their devices.

A Dutch mobile security company said it identified a network of phishing websites targeting Italian online-banking users that are designed to get hold of their contact details.

Telephone-oriented attack delivery (TOAD), as the social engineering technique is called, involves calling the victims using previously collected information from the fraudulent websites.

The caller, who purports to be a support agent for the bank, instructs the individual on the other end of the call to install a security app and grant it extensive permissions, when, in reality, it's malicious software intended to gain remote access or conduct financial fraud.

What's more, the infrastructure utilized by the threat actor has been found to deliver a second malware named SMS Spy that enables the adversary to gain access to all incoming SMS messages and intercept one-time passwords (OTPs) sent by banks.

The new wave of hybrid fraud attacks presents a new dimension for scammers to mount convincing Android malware campaigns that have otherwise relied on traditional methods such as Google Play Store droppers, rogue ads, and smishing.
The Hacker News
64,000 Additional Patients Impacted by Omnicell Data Breach - What is Your Data Breach Action Plan?

Founded in 1992, Omnicell is a leading provider of medication management solutions for hospitals, long-term care facilities, and retail pharmacies. On May 4, 2022, Omnicell's IT systems and third-par