Forwarded from vx-underground
Today Avast unveiled 'GuptiMiner'.
tl;dr eScan AV, out of India, used HTTP for AV updates, not HTTPS, North Korea man-in-the-middle'd updates to large networks to deliver malware
We give this APT campaign an A+ because it's absurdly well executed
https://decoded.avast.io/janrubin/guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining/
GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining
Me whenever I hear "Dude, AI is going to steal your job"
I didn't have much time to write code recently. Projects are accumulating, but I'll deal with them later.
He does have a point, Tsoding even implemented hot-reloading in C to prove his point.
Cellebrite is a forensics company specialized in unlocking phones and extracting information.
Some time ago a whistleblower leaked their software and information.
These images show a list of phones they can unlock.
You can download the leak here:
https://ddosecrets.com/article/cellebrite-and-msab