Security News > 2024 > April > Hackers hijack antivirus updates to drop GuptiMiner malware
North Korean hackers have been exploiting the updating mechanism of the eScan antivirus to plant backdoors on big corporate networks and deliver cryptocurrency miners through GuptiMiner malware.
Researchers describe GuptiMiner as "a highly sophisticated threat" that can perform DNS requests to the attacker's DNS servers, extract payloads from images, sign its payloads, and perform DLL sideloading.
In a report released today, cybersecurity company Avast says that the threat actor behind GuptiMiner had an adversary-in-the-middle position to hijack the normal virus definition update package and replace it with a malicious one named 'updll62.
The malicious file includes the necessary antivirus updates as well as a GuptiMiner malware as a DLL file named 'version.
The hackers used GuptiMiner to deploy multiple malware on compromised systems, including two distinct backdoors and the XMRig Monero miner.
ScreenConnect flaws exploited to drop new ToddlerShark malware.
News URL
Related news
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- Chinese hackers target Linux with new WolfsBane malware (source)
- Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia (source)
- North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn (source)
- Salt Typhoon hackers backdoor telcos with new GhostSpider malware (source)
- Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries (source)
- APT-C-60 Hackers Exploit StatCounter and Bitbucket in SpyGlace Malware Campaign (source)
- Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware (source)
- Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection (source)
- North Korean Hackers Deploy OtterCookie Malware in Contagious Interview Campaign (source)