Cyber security news for all

More

    New, unusual Trojan horse promises tax benefits for COVID-19 victims

    A new Trojan horse appeared on cybersecurity researchers’ radar. Being aware that it could be bait in corona virus-related phishing schemes.

    MalwareHunterTeam first discovered it, the Trojan horse sample was attached to a file- “Company PLP_Tax relief due to Covid-19 outbreak CI+PL.jar.”

    Initially, only ESET antivirus engine recognized it.

    Trend Micro researchers said on Thursday that a Trojan called QNodeService lands on systems through a Java loader. The java loader built into the JAR file.

    Malicious programs are unusual because they are written in Node.js, a language primarily reserved for web server development.

    “However, using an unusual platform could help prevent detection by antivirus software,” experts say.

    The Java loader, hidden in the deceit document by Allatori, uses a malicious Node.js file. For example, either “qnodejs-win32-ia32.js” or “qnodejs-win32-x64.js”, and a file called “wizard.js.”

    The target computer loads with a 32-bit or 64-bit version of Node.js, depending on the Windows system’s architecture.

    Wizard.js’ job is to facilitate communication between the QNodeService and its command and control server. As well as maintain consistency by creating run registry keys.

    How it affects the system

    After starting on a vulnerable system, QNodeService can upload, download, and run files. Collect credentials from Google Chrome and Mozilla Firefox.

    In addition, the Trojan can steal system information, including its IP address and location. It can also download additional malware, and transfer stolen data to C2.

    These features are typical of many variants of Trojans. Still, there is an interesting feature, the “HTTP-forward” command, that allows attackers to upload files without connecting directly to the victim’s computer.

    “A valid request path and access token required to access files on the computer.” Trend Micro says, “The C2 server must first send a “file-manager/forward-access” to generate the URL and access token that will later be used for the “HTTP-forward” command.

    According to Trend Micro, the malware targets Windows computers, but the code says that “cross-platform compatibility may be a future goal.”

    Earlier this month, IBM security researchers saw significant changes to the Zeus Sphinx banking Trojan due to its integration into the new COVID-19 phishing campaigns.

     

     

    Recent Articles

    Personnel were asked to removed 89 apps which includes Instagram, Facebook, and others by the Indian Army

    Personnel are told by the Indian Army to delete 89 apps from their phones from July 15. This is in a bid to avoid...

    The warning sent to employees about Tiktok app was a mistake says Amazon

    On Friday morning, Amazon sent out a memo to its employees, asking them to uninstall the popular social media app TikTok off their phone....

    Other Android phones sold in the US contains pre-installed malware

    There’s a discovery of Pre-installed malware on another phone by researchers from Malwarebytes; through the lifeline Assistance program for sale in the United States....

    About 15 billion stolen passwords and usernames sold on the dark web.

    A recent finding has shown that about 15 billion passwords and usernames are distributed on the dark web. This compromise will bring about credential...

    Hundreds of multinational companies aimed by Russian BEC Gang

    According to the security firm Agari, there has been a discovery of a newly uncovered Russia-based business email compromise gang; BEC gang that scams...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox