10-31-2016 , 11:28 PM
RAT Hosted on PasteBin Leads to BSOD
11-01-2016 , 12:16 AM
I have read the news just now, thanks a lot
11-01-2016 , 12:45 AM
dino, can you post more details or a link
The link doesn't open for me
11-01-2016 , 01:24 AM
(11-01-2016 , 12:45 AM)tarekma7 Wrote: dino, can you post more details or a link

you can read here:

Because malware authors never sleep, it is always entertaining to see what are the most recent tactics they're coming up with to distribute their payloads.

Security researchers from Malwarebytes have stumbled on a malware campaign that uses some pretty out-of-the-ordinary tactics.

The Malwarebytes team says they've discovered a tainted file called VMWare.exe, which appears to be a pirated or cracked version of the well-known VMWare virtualization software.

Suspicious file fetches PasteBin script that installs njRAT

Pieter Arntz, Malwarebytes malware researcher, says during the installation of this suspicious application, the installer would connect to PasteBin, a text sharing portal, access a page, and download a paste.

He says this paste contained a Visual Basic script, which the installer would run on the victim's PC. The script would also connect to an online server, download and execute another EXE file called Tempwinlogon.exe.

Arntz says this file would install the Bladabindi remote access trojan (RAT), also known as Derusbi or njRAT. Operating from a file called Tr.exe, this RAT would be used to log the user's keystrokes using a keylogger component.

Malware crashes PC if they try to terminate its process

Arntz says that if users notice the suspicious process running on their PCs and attempted to terminate its process via Task Manager, the computer would instantly crash, showing a BSOD.

This behavior is similar to a JavaScript-based malware discovered by Kahu Security. Whenever users would attempt to terminate the process of that malware, it would shut down the user's PC, and restart itself thanks to a boot persistence mechanism it installed in a previous phase.

"Do consider changing your passwords though, if you have been infected with this RAT, since the passwords might have been compromised by this threat," Arntz warns users.
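
Added example, not part of the thread or of the quoted article: a small hunting routine for the chain described above, where a non-browser process fetches from PasteBin and a payload named in the article starts on the same host shortly afterwards. The event field names, host names, paths, browser list and the 600-second window are assumptions, and the sample events are constructed.

```python
from ntpath import basename  # parses Windows paths on any platform

# File names come from the article; everything else here is an assumption.
PAYLOAD_NAMES = {"tempwinlogon.exe", "tr.exe"}
PASTE_HOSTS = {"pastebin.com"}
BROWSERS = {"chrome.exe", "firefox.exe", "iexplore.exe", "msedge.exe"}

# Constructed sample events (not real telemetry). "net" = outbound connection,
# "proc" = process start; "ts" is seconds since an arbitrary origin.
EVENTS = [
    {"ts": 100, "host": "PC-01", "type": "net",
     "image": r"C:\Users\a\Downloads\VMWare.exe", "dest": "pastebin.com"},
    {"ts": 130, "host": "PC-01", "type": "proc",
     "image": r"C:\Users\a\AppData\Local\Temp\Tempwinlogon.exe"},
    {"ts": 160, "host": "PC-01", "type": "proc",
     "image": r"C:\Users\a\AppData\Local\Temp\Tr.exe"},
    # A browser visiting the paste site is not treated as a fetch by an installer.
    {"ts": 200, "host": "PC-02", "type": "net",
     "image": r"C:\Program Files\Mozilla Firefox\firefox.exe", "dest": "pastebin.com"},
    # A matching file name with no preceding paste fetch is not flagged.
    {"ts": 50, "host": "PC-03", "type": "proc", "image": r"C:\Tools\tr.exe"},
    # Fetch and payload too far apart for the default window.
    {"ts": 5000, "host": "PC-04", "type": "net",
     "image": r"C:\Temp\setup.exe", "dest": "pastebin.com"},
    {"ts": 9000, "host": "PC-04", "type": "proc", "image": r"C:\Temp\Tr.exe"},
]

def find_chains(events, window=600):
    """Return {host: [payload names]} for hosts where a non-browser process
    contacted a paste site and a named payload started within `window` seconds."""
    last_fetch = {}  # host -> time of the most recent non-browser paste fetch
    hits = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        name = basename(ev["image"]).lower()
        if ev["type"] == "net" and ev.get("dest", "").lower() in PASTE_HOSTS:
            if name not in BROWSERS:
                last_fetch[ev["host"]] = ev["ts"]
        elif ev["type"] == "proc" and name in PAYLOAD_NAMES:
            fetched = last_fetch.get(ev["host"])
            if fetched is not None and ev["ts"] - fetched <= window:
                hits.setdefault(ev["host"], []).append(name)
    return hits

if __name__ == "__main__":
    for host, payloads in find_chains(EVENTS).items():
        print(f"{host}: paste fetch followed by {', '.join(payloads)}")
```

File names alone are weak indicators because they are trivial to change; the ordering of paste fetch and payload start is what reduces false positives here.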