Security News > 2024 > April > Hackers hijack antivirus updates to drop GuptiMiner malware
North Korean hackers have been exploiting the updating mechanism of the eScan antivirus to plant backdoors on big corporate networks and deliver cryptocurrency miners through GuptiMiner malware.
Researchers describe GuptiMiner as "a highly sophisticated threat" that can perform DNS requests to the attacker's DNS servers, extract payloads from images, sign its payloads, and perform DLL sideloading.
In a report released today, cybersecurity company Avast says that the threat actor behind GuptiMiner had an adversary-in-the-middle position to hijack the normal virus definition update package and replace it with a malicious one named 'updll62.
The malicious file includes the necessary antivirus updates as well as a GuptiMiner malware as a DLL file named 'version.
The hackers used GuptiMiner to deploy multiple malware on compromised systems, including two distinct backdoors and the XMRig Monero miner.
ScreenConnect flaws exploited to drop new ToddlerShark malware.
News URL
Related news
- Russia-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware (source)
- Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer (source)
- Hacker infects 18,000 "script kiddies" with fake malware builder (source)
- North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS (source)
- New Microsoft script updates Windows media with bootkit malware fixes (source)
- Hackers exploit SimpleHelp RMM flaws to deploy Sliver malware (source)
- North Korean hackers spotted using ClickFix tactic to deliver malware (source)
- New Mac Malware Poses as Browser Updates (source)
- New FrigidStealer Malware Targets macOS Users via Fake Browser Updates (source)
- North Korean Hackers Target Freelance Developers in Job Scam to Deploy Malware (source)