Hackers hijack antivirus updates to drop GuptiMiner malware

North Korean hackers have been exploiting the updating mechanism of the eScan antivirus to plant backdoors on big corporate networks and deliver cryptocurrency miners through GuptiMiner malware.
Researchers describe GuptiMiner as "a highly sophisticated threat" that can perform DNS requests to the attacker's DNS servers, extract payloads from images, sign its payloads, and perform DLL sideloading.
In a report released today, cybersecurity company Avast says that the threat actor behind GuptiMiner had an adversary-in-the-middle position to hijack the normal virus definition update package and replace it with a malicious one named 'updll62.
The malicious file includes the necessary antivirus updates as well as a GuptiMiner malware as a DLL file named 'version.
The hackers used GuptiMiner to deploy multiple malware payloads on compromised systems, including two distinct backdoors and the XMRig Monero miner.
Related news
- North Korean hackers spotted using ClickFix tactic to deliver malware (source)
- New Mac Malware Poses as Browser Updates (source)
- New FrigidStealer Malware Targets macOS Users via Fake Browser Updates (source)
- North Korean Hackers Target Freelance Developers in Job Scam to Deploy Malware (source)
- Chinese hackers use custom malware to spy on US telecom networks (source)
- New Linux Malware ‘Auto-Color’ Grants Hackers Full Remote Access to Compromised Systems (source)
- Update VMware Tools for Windows Now: High-Severity Flaw Lets Hackers Bypass Authentication (source)
- Chinese FamousSparrow hackers deploy upgraded malware in attacks (source)
- North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages (source)