Lazarus APT Uses Windows Update to Spew Malware (Security News, January 2022)
Lazarus Group is using Windows Update to spray malware in a campaign powered by a GitHub command-and-control server, researchers have found.
Lazarus did the same thing last July: At that time, the APT was identified as being behind a campaign that was spreading malicious documents to job-seeking engineers, impersonating defense contractors who were purportedly seeking job candidates at Airbus, General Motors and Rheinmetall.
LNK files are Windows shortcut files, that is, pointers to other files on the system.
"With this method, the threat actor can execute its malicious code through the Microsoft Windows Update client by passing the following arguments: /UpdateDeploymentProvider, Path to malicious DLL and /RunHandlerComServer argument after the DLL," the researchers explained.
"This is an interesting technique used by Lazarus to run its malicious DLL using the Windows Update Client to bypass security detection mechanisms," the threat-intelligence team noted.
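The quoted argument sequence is what a detection engineer would key on. The following is an added example, not code from the Threatpost article or the researchers it quotes: it scans Sysmon-style process-creation events (field names `Image` and `CommandLine` are assumed) for the Windows Update client being started with `/UpdateDeploymentProvider` followed by a DLL path and `/RunHandlerComServer`, and rates the hit by where the DLL lives. The trusted-directory list and the sample events are constructed for the example and should be tuned to a real baseline.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Directories from which the Windows Update client is expected to load its handler DLL.
# Assumption for this example; baseline against your own fleet before deploying.
TRUSTED_DLL_ROOTS = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
)

_ARG_RE = re.compile(r'"([^"]*)"|(\S+)')


def split_windows_cmdline(cmdline: str) -> list:
    """Split a Windows command line into arguments, honouring double-quoted tokens."""
    return [quoted if quoted else bare for quoted, bare in _ARG_RE.findall(cmdline)]


def _is_absolute(path: str) -> bool:
    """True for drive-letter or UNC paths; relative names depend on the working directory."""
    return re.match(r"^[a-z]:\\", path) is not None or path.startswith("\\\\")


@dataclass
class Finding:
    severity: str
    dll: str
    reason: str


def analyze_process_event(event: dict) -> Optional[Finding]:
    """Return a Finding when wuauclt.exe is told to load a handler DLL, else None."""
    image = event.get("Image", "").rsplit("\\", 1)[-1].lower()
    if image != "wuauclt.exe":
        return None
    args = split_windows_cmdline(event.get("CommandLine", ""))
    lowered = [a.lower() for a in args]
    if "/updatedeploymentprovider" not in lowered:
        return None
    i = lowered.index("/updatedeploymentprovider")
    if i + 1 >= len(args):
        return None  # switch given without a DLL operand; nothing is loaded
    dll = args[i + 1]
    if "/runhandlercomserver" not in lowered[i + 2:]:
        return None  # handler COM server not requested; outside this rule's scope
    dll_norm = dll.lower().replace("/", "\\")
    if not _is_absolute(dll_norm):
        return Finding("medium", dll,
                       "handler DLL given as a relative name; resolve it against the "
                       "process working directory before deciding")
    if dll_norm.startswith(TRUSTED_DLL_ROOTS):
        return Finding("info", dll, "handler DLL resides under a trusted Windows directory")
    return Finding("high", dll,
                   "Windows Update client asked to load a handler DLL from outside "
                   "the Windows directory")


def scan(events) -> list:
    """Run the rule over an iterable of events and keep only the hits."""
    return [f for f in (analyze_process_event(e) for e in events) if f is not None]


# Constructed sample telemetry, not real events.
SAMPLE_EVENTS = [
    {"Image": "C:\\Windows\\System32\\wuauclt.exe",
     "CommandLine": "wuauclt.exe /UpdateDeploymentProvider UpdateDeploymentProvider.dll "
                    "/RunHandlerComServer"},
    {"Image": "C:\\Windows\\System32\\wuauclt.exe",
     "CommandLine": 'wuauclt.exe /UpdateDeploymentProvider "C:\\Users\\Public\\example.dll" '
                    "/RunHandlerComServer"},
    {"Image": "C:\\Windows\\System32\\svchost.exe",
     "CommandLine": "svchost.exe -k netsvcs"},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(f"[{finding.severity}] {finding.dll}: {finding.reason}")
```

The relative-name case is deliberately rated medium rather than ignored: the normal update client invocation uses a bare DLL name, so the working directory recorded in the event (Sysmon's `CurrentDirectory`) is what separates a routine update from a DLL dropped beside the client.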
News URL: https://threatpost.com/lazarus-apt-windows-update-malware-github/178096/
Related news
- Russia targets Ukrainian conscripts with Windows, Android malware (source)
- New SteelFox malware hijacks Windows PCs using vulnerable driver (source)
- New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus (source)
- APT-K-47 Uses Hajj-Themed Lures to Deliver Advanced Asyncshell Malware (source)
- APT-C-60 Hackers Exploit StatCounter and Bitbucket in SpyGlace Malware Campaign (source)
- Windows, macOS users targeted with crypto-and-info-stealing malware (source)
- New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools (source)
- The Mask APT Resurfaces with Sophisticated Multi-Platform Malware Arsenal (source)
- Bitter APT Targets Turkish Defense Sector with WmRAT and MiyaRAT Malware (source)