Tag: eScan Antivirus Update Mechanism

eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners
News

A new malware campaign has been abusing the update mechanism of the eScan antivirus product to distribute backdoors and cryptocurrency miners such as XMRig, via a persistent threat dubbed GuptiMiner that targets large corporate networks. According to cybersecurity company Avast, the activity is the work of a threat actor that may have ties to the North Korean hacking group Kimsuky, also tracked as Black Banshee, Emerald Sleet, and TA427. Avast described GuptiMiner as a highly sophisticated threat that employs several techniques, including sideloading, extracting payloads from seemingly innocuous images, signing its payloads with a custom trusted root anchor certification authority, and issuing DNS requests to the attacker's DNS servers. ...