New LOBSHOT malware gives hackers hidden VNC access to Windows devices (Security News, May 2023)

A new malware known as 'LOBSHOT', distributed through Google ads, allows threat actors to stealthily take over infected Windows devices using hVNC. Earlier this year, BleepingComputer and numerous cybersecurity researchers reported a dramatic increase in threat actors using Google ads to distribute malware through search results.
In a new report by Elastic Security Labs, researchers revealed that a new remote access trojan named LOBSHOT was being distributed through Google Ads.
If Microsoft Defender is not detected, the malware configures Registry entries so that it starts automatically when the user logs in to Windows, and then transmits system information from the infected device, including the list of running processes.
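One way to hunt for this kind of autostart persistence, as an added example that is not part of the article or of Elastic's report: the script below parses the text that `reg query` prints for the common Run keys and flags any value whose command line points into a user-writable directory, which is where a dropper that copies itself to disk and registers a Run value usually lives. The key list, the directory list and the embedded sample output are constructed assumptions; the live query only runs on Windows.

```python
"""Audit Windows Run-key autostart entries for values that look like dropped malware.

Added example, not code from the article or from Elastic's report. It parses the
text that `reg query` prints (a constructed sample is embedded below) and flags
any value whose command line points into a user-writable directory. The key
list, directory list and sample entries are assumptions.
"""
import re
import subprocess
import sys

# Autostart keys worth auditing on a workstation (assumed, not exhaustive).
RUN_KEYS = [
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run",
]

# Directories a standard user can write to; a Run value referencing them deserves a look.
# The whole command line is checked so that LOLBin proxies such as
# "rundll32.exe C:\ProgramData\x.dll,Entry" are caught, not only the first token.
SUSPICIOUS_DIRS = (
    r"\appdata\local\temp",
    r"\appdata\roaming",
    r"\appdata\local",
    r"\programdata",
    r"\users\public",
    r"\windows\temp",
)

# reg query prints each value as:  <4 spaces>Name<4 spaces>REG_TYPE<4 spaces>Data
VALUE_LINE = re.compile(r"^\s{2,}(?P<name>.+?)\s{2,}(?P<type>REG_[A-Z_]+)\s{2,}(?P<data>.*?)\s*$")

# Constructed sample of `reg query HKCU\...\Run` output: one benign OneDrive entry,
# one executable dropped under AppData\Roaming, one DLL loaded from ProgramData.
SAMPLE_OUTPUT = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background
    Updater    REG_SZ    "C:\Users\alice\AppData\Roaming\Adobe\acrotray.exe"
    Helper    REG_SZ    rundll32.exe C:\ProgramData\cache\lib.dll,Start
"""


def parse_reg_query(text):
    """Return [(name, reg_type, data)] for every value line in `reg query` output."""
    entries = []
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m and m.group("name") != "(Default)":
            entries.append((m.group("name"), m.group("type"), m.group("data")))
    return entries


def suspicious_entries(text):
    """Return [(name, data)] for Run values whose command line hits SUSPICIOUS_DIRS."""
    flagged = []
    for name, _reg_type, data in parse_reg_query(text):
        lowered = data.lower()
        if any(d in lowered for d in SUSPICIOUS_DIRS):
            flagged.append((name, data))
    return flagged


def audit_live_run_keys():
    """On Windows, run reg.exe against each key in RUN_KEYS and return (key, name, data) hits."""
    if sys.platform != "win32":
        raise RuntimeError("live audit needs Windows; feed saved output to suspicious_entries()")
    hits = []
    for key in RUN_KEYS:
        proc = subprocess.run(["reg", "query", key], capture_output=True, text=True)
        hits += [(key, name, data) for name, data in suspicious_entries(proc.stdout)]
    return hits


if __name__ == "__main__":
    for name, data in suspicious_entries(SAMPLE_OUTPUT):
        print(f"suspicious autostart: {name} -> {data}")
```

A hit is a lead, not a verdict: Teams, Discord and several Adobe components legitimately install under AppData, so triage each flagged binary by Authenticode signature and hash before treating it as the dropped payload. Run the live audit in the logged-on user's context, since HKCU is per user.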
Stealing data from cryptocurrency wallet browser extensions is common for this kind of malware, but Elastic also found that LOBSHOT includes an hVNC module, which lets the threat actors quietly access an infected device remotely.
hVNC, or hidden virtual network computing, is VNC remote-access software modified to control a hidden desktop on the infected device instead of the main desktop the device's owner is using, so the operator's activity never appears on the victim's screen.
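Because that hidden desktop still lives in the interactive window station, it can be found from the inside. The check below is an added example, not code from the LOBSHOT sample or from Elastic's report: it enumerates the desktops in WinSta0 with the Win32 `EnumDesktopsW` API and flags any name outside an assumed baseline of the desktops Windows itself creates. The baseline set and the off-Windows sample names are assumptions.

```python
"""Enumerate the desktops in the interactive window station and flag unexpected ones.

Added example, not code from the LOBSHOT sample or Elastic's report. An hVNC
module calls CreateDesktop() to obtain a second desktop inside WinSta0 and runs
its browser or shell there, so the desktop is invisible on the user's screen but
still appears in EnumDesktops(). The baseline of expected desktop names below is
an assumption; anything outside it deserves a closer look.
"""
import sys

# Desktop names normally present in WinSta0 on a logged-on workstation (assumed baseline).
EXPECTED_DESKTOPS = {"default", "winlogon", "disconnect", "screen-saver"}


def unexpected_desktops(names):
    """Return the desktop names that are not in the baseline, in the order they were seen."""
    return [n for n in names if n.lower() not in EXPECTED_DESKTOPS]


def enumerate_desktops():
    """On Windows, list the desktops of this process's window station via EnumDesktopsW."""
    if sys.platform != "win32":
        raise RuntimeError("EnumDesktops is a Windows API; pass saved names to unexpected_desktops()")
    import ctypes
    from ctypes import wintypes

    user32 = ctypes.WinDLL("user32", use_last_error=True)
    DESKTOPENUMPROC = ctypes.WINFUNCTYPE(wintypes.BOOL, wintypes.LPWSTR, wintypes.LPARAM)
    user32.GetProcessWindowStation.restype = wintypes.HWINSTA
    user32.EnumDesktopsW.argtypes = [wintypes.HWINSTA, DESKTOPENUMPROC, wintypes.LPARAM]
    user32.EnumDesktopsW.restype = wintypes.BOOL

    names = []

    @DESKTOPENUMPROC
    def collect(name, _lparam):
        names.append(name)
        return True  # keep enumerating

    if not user32.EnumDesktopsW(user32.GetProcessWindowStation(), collect, 0):
        raise ctypes.WinError(ctypes.get_last_error())
    return names


if __name__ == "__main__":
    if sys.platform == "win32":
        found = enumerate_desktops()
    else:
        found = ["Default", "Winlogon", "hvnc_1"]  # constructed sample for non-Windows hosts
    for name in unexpected_desktops(found):
        print(f"unexpected desktop in WinSta0: {name}")
```

Run it inside the victim's interactive session, since `EnumDesktops` only covers the calling process's window station and only returns desktops the caller has DESKTOP_ENUMERATE access to. A desktop name outside the baseline, combined with a fresh Run-key entry and a browser process that no window belongs to, is a strong hVNC indicator; the names themselves are attacker-chosen, so match on the baseline rather than on any particular malicious name.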
Because the campaign's Google ads impersonated AnyDesk, a remote-management tool commonly used in business environments, the malware is likely aimed at initial access to corporate networks and at spreading laterally to other devices.
Related news
- Russian military hackers deploy malicious Windows activators in Ukraine (source)
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux (source)
- North Korean hackers spotted using ClickFix tactic to deliver malware (source)
- North Korean Hackers Target Freelance Developers in Job Scam to Deploy Malware (source)
- Chinese hackers use custom malware to spy on US telecom networks (source)
- New Linux Malware ‘Auto-Color’ Grants Hackers Full Remote Access to Compromised Systems (source)
- Steam pulls game demo infecting Windows with info-stealing malware (source)
- EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware (source)
- Update VMware Tools for Windows Now: High-Severity Flaw Lets Hackers Bypass Authentication (source)
- APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware (source)