North Korean hackers have been exploiting the update mechanism of the eScan antivirus to plant backdoors on large corporate networks and deliver cryptocurrency miners through the GuptiMiner malware.
Researchers describe GuptiMiner as "a highly sophisticated threat" that can perform DNS requests to the attacker's DNS servers, extract payloads from images, sign its payloads, and perform DLL sideloading.
In a report released today, cybersecurity company Avast says that the threat actor behind GuptiMiner had an adversary-in-the-middle position to hijack the normal virus definition update package and replace it with a malicious one named 'updll62.
The malicious file includes the legitimate antivirus updates as well as the GuptiMiner malware as a DLL file named 'version.
The hackers used GuptiMiner to deploy multiple malware payloads on compromised systems, including two distinct backdoors and the XMRig Monero miner.
Related news
- Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware
- Hackers leverage 1-day vulnerabilities to deliver custom Linux malware
- Hackers abuse Windows SmartScreen flaw to drop DarkGate malware
- Hackers exploit Windows SmartScreen flaw to drop DarkGate malware
- Week in review: Cybersecurity job openings, hackers use 1-day flaws to drop custom Linux malware
- Hackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google Sites
- Russian Hackers May Have Targeted Ukrainian Telecoms with Upgraded 'AcidPour' Malware
- Russian hackers target German political parties with WineLoader malware
- Russian Hackers Use 'WINELOADER' Malware to Target German Political Parties
- Hackers Hit Indian Defense, Energy Sectors with Malware Posing as Air Force Invite