Security News > 2023 > May > New LOBSHOT malware gives hackers hidden VNC access to Windows devices
A new malware known as 'LOBSHOT' distributed using Google ads allows threat actors to stealthily take over infected Windows devices using hVNC. Earlier this year, BleepingComputer and numerous cybersecurity researchers reported a dramatic increase in threat actors utilizing Google ads to distribute malware in search results.
In a new report by Elastic Security Labs, researchers revealed that a new remote access trojan named LOBSHOT was being distributed through Google Ads.
If Defender is not detected, the malware will configure Registry entries to start automatically when logging in to Windows and then transmit system information from the infected device, including running processes.
While stealing cryptocurrency extensions is common, Elastic also found that the malware included an hVNC module, allowing the threat actors to quietly access an infected device remotely.
hVNC, or hidden virtual network computing, is VNC remote access software modified to control a hidden desktop on the infected device rather than the main desktop used by the device's owner.
As AnyDesk is commonly used in business environments, the malware is likely used for initial access to corporate networks and to spread laterally to other devices.