FIN7 Backdoor Masquerades as Ethical Hacking Tool
2021-05-14 17:36

The notorious FIN7 cybercrime gang, a financially motivated group, is spreading a backdoor called Lizar under the guise of being a Windows pen-testing tool for ethical hackers.

According to the BI.ZONE Cyber Threats Research Team, FIN7 is pretending to be a legitimate organization that hawks a security-analysis tool.

In January, the group used elaborate social-engineering efforts through Twitter and LinkedIn, as well as other media platforms like Discord and Telegram, to set up trusted relationships with researchers by posing as legitimate researchers interested in offensive security.

Specifically, attackers initiated contact by asking researchers if they wanted to collaborate on vulnerability research.

Eventually, after much correspondence, attackers provided the targeted researchers with a Visual Studio Project infected with malicious code that could install a backdoor onto their system.

Security researchers infected in those attacks were running fully patched and up-to-date Windows 10 and Chrome browser versions, according to Google TAG at the time, which signaled that hackers likely were using zero-day vulnerabilities in their campaign.


News URL

https://threatpost.com/fin7-backdoor-ethical-hacking-tool/166194/