This VPN Is Being Abused To Spread Malware

[ad_1]

Cybersecurity researchers from SentinelLabs have recently spotted a hacking campaign in which legitimate certificates used by a VPN service were abused to hide malware in plain sight.

The researchers pinned the campaign to Bronze Starlight, a Chinese state-sponsored APT, which was after companies in the gambling industry, located in the Southeast Asia region.

As per their report, the group was distributing two .NET executables – agentupdate_plugins.exe and AdventureQuest.exe, most likely through trojanized chat apps. The goal of the campaign, according to the researchers, is to deliver a Cobalt Strike beacon.

Hiding in plain sight

Cobalt Strike is a commercial penetration testing tool, used by both security professionals and cybercriminals. Legitimate use cases include testing the security of networks and systems.

The code-signing certificate for the .NET executables was the same one that’s used by the installer for Ivacy VPN, a popular virtual private network solution.

By using a legitimate certificate, the attackers can bypass cybersecurity solutions installed on the target endpoint, and also make sure that any inbound and outbound traffic generated by the malware remains hidden.

The researchers also discovered that the two .NET executables were designed not to work in certain countries, including the United States, Germany, France, Russia, India, Canada, or the UK, most likely to further evade detection. But the geofencing feature wasn’t implemented properly, they added.

“It is likely that at some point the PMG PTE LTD signing key has been stolen – a familiar technique of known Chinese threat actors to enable malware signing,” SentinelLabs said. “VPN providers are critical targets since they enable threat actors to potentially gain access to sensitive user data and communications.”

Ivacy VPN is currently silent on the matter, so it’s difficult to determine exactly how the hackers obtained the certificates. They have, since then, been invalidated for breaching “baseline requirements” set up by DigiCert.

Via: BleepingComputer

[ad_2]
#VPN #abused #spread #malware

This VPN is being abused to spread malware

Like this:

Related

Leave a ReplyCancel reply

Product Highlight

Recent Posts

SSC all exams, links is here

Gen Z Wants Growth, Not Boss Titles: What Global Survey Reveals About Career Mindset

BJP Asks K`taka Govt To Share Details Of B`luru Tunnel Project, Says It Should First Fix Potholes

Amid Afghanistan-Pakistan Tensions, A Call From Delhi To Kabul On `Regional Situation`

West Bengal Fake Passport Racket: ED Launches Raids Linked To Pakistani Citizen

Air India Flight Makes Precautionary Landing In Mongolia Due To Suspected Technical Issue

Canada Rejects Three In Four Indian Study Permit Applications Amid Immigration Clampdown

Auto Driver Stabbed To Death In Delhi; One Held

Kenya Landslides Kill 21, Destroy Over 1,000 Homes Amid Heavy Rains

Bihar Polls: Who Killed Dularchand Yadav? Inside The Conspiracy Theories Tearing Through Mokama

Rahul Gandhi Tries Fishing In Bihar’s Begusarai Local Pond- Video

Welcome

Categorys

Site Links