Hackers hijack antivirus updates to drop GuptiMiner malware

Using the eScan antivirus’s update system, North Korean hackers have been able to install backdoors on large corporate networks and distribute the GuptiMiner malware, which is used to mine cryptocurrencies.

GuptiMiner is regarded by researchers as “a highly sophisticated threat” because it can sign its payloads, extract payloads from images, perform DLL sideloading, and send DNS requests to the attacker’s DNS servers.

The threat actor behind GuptiMiner allegedly used an adversary-in-the-middle (AitM) position to take control of a legitimate virus definition update package and replace it with a malicious one called “updll62.dlz,” according to a study published today by cybersecurity firm Avast.

In addition to the expected antivirus updates, the malicious download contains the GuptiMiner malware.
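The attack described above works because the client installs whatever the update channel delivers. The following is an added example, not code from the article or from eScan or Avast, showing the integrity check a defender would want in an updater: the vendor pins a hash for every file in a manifest and authenticates the manifest; the client rejects a package when the manifest tag is wrong, when a file's hash differs, or when a file arrives that the manifest never listed. The package contents, file names (other than the report's “updll62.dlz”) and the `VENDOR_KEY` are constructed; a real updater would verify an asymmetric signature with only the vendor's public key, and the HMAC here stands in for that so the example runs on the standard library alone.

```python
import hashlib
import hmac
import json

# Constructed sample "update package": file name -> bytes. These are stand-ins,
# not the contents of any real eScan update.
LEGIT_PACKAGE = {
    "virusdefs.dat": b"VDEF-2024-04-23: signature block A",
    "engine.dll": b"MZ engine stub (constructed)",
}

# Assumed vendor signing key. A real updater would use an asymmetric key pair
# and the client would hold only the public half; HMAC is used here so the
# example runs on the standard library alone.
VENDOR_KEY = b"constructed-vendor-signing-key"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def canonical(manifest_files: dict) -> bytes:
    # Stable serialisation so vendor and client compute the MAC over identical bytes.
    return json.dumps(manifest_files, sort_keys=True, separators=(",", ":")).encode()


def build_manifest(files: dict, key: bytes) -> dict:
    """Vendor side: pin a hash for every file and authenticate the whole list."""
    entries = {name: sha256_hex(blob) for name, blob in files.items()}
    tag = hmac.new(key, canonical(entries), hashlib.sha256).hexdigest()
    return {"files": entries, "tag": tag}


def verify_update(files: dict, manifest: dict, key: bytes):
    """Client side: accept the package only if the manifest authenticates and
    every delivered file matches it exactly. Returns (ok, reason)."""
    expected_tag = hmac.new(key, canonical(manifest["files"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_tag, manifest["tag"]):
        return False, "manifest tag invalid"
    pinned = manifest["files"]
    # A man-in-the-middle that adds a file (the report's updll62.dlz) trips this check.
    extra = set(files) - set(pinned)
    if extra:
        return False, f"unexpected file(s): {sorted(extra)}"
    missing = set(pinned) - set(files)
    if missing:
        return False, f"missing file(s): {sorted(missing)}"
    for name, blob in files.items():
        if not hmac.compare_digest(sha256_hex(blob), pinned[name]):
            return False, f"hash mismatch: {name}"
    return True, "ok"


def demo():
    """Run the legitimate package and three tampered variants through the check."""
    manifest = build_manifest(LEGIT_PACKAGE, VENDOR_KEY)
    results = {}
    results["legit"] = verify_update(LEGIT_PACKAGE, manifest, VENDOR_KEY)

    # Scenario 1: the definition file is swapped for attacker-supplied content.
    swapped = dict(LEGIT_PACKAGE)
    swapped["virusdefs.dat"] = b"attacker-controlled replacement (constructed)"
    results["swapped"] = verify_update(swapped, manifest, VENDOR_KEY)

    # Scenario 2: an extra file is delivered alongside the genuine ones.
    padded = dict(LEGIT_PACKAGE)
    padded["updll62.dlz"] = b"extra payload (constructed)"
    results["extra"] = verify_update(padded, manifest, VENDOR_KEY)

    # Scenario 3: the attacker also rewrites the manifest to match the swapped files,
    # but cannot produce a valid tag without the vendor key.
    forged = build_manifest(swapped, b"not-the-vendor-key")
    results["forged_manifest"] = verify_update(swapped, forged, VENDOR_KEY)
    return results


if __name__ == "__main__":
    for scenario, (ok, reason) in demo().items():
        print(f"{scenario:16} accepted={ok} ({reason})")
```

The point of the third scenario is that hashing alone is not enough: if the manifest travels over the same hijacked channel as the files, the attacker rewrites both, so the manifest itself must be authenticated with a key the attacker does not hold, and the client must refuse to install anything when that check fails rather than fall back to an unsigned path.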
