
Cross platform malware targets *nix, OSX and Windows.

  1. #1
    Sophie Pedophile Tech Support
    So Kaspersky Lab has identified a modular malware written in C++ and Qt that's cross-platform compatible. Not only does it log keystrokes and take screenshots, it's a remote access tool at the same time. Communication with its C2 is encrypted with AES. It comes with "Man in the Browser" and shellcode execution functionality as well.

    Here's a short article by Kaspersky with regards to the malware.

    https://threats.kaspersky.com/en/threat/Backdoor.Win32.Mokes/

    Technical summary of the Windows variant.

    https://www.symantec.com/security_response/earthlink_writeup.jsp?docid=2016-020102-5702-99

    Hacker News article.

    https://thehackernews.com/2016/09/cross-platform-malware.html

    All in all, a pretty sophisticated piece of kit.
  2. #2
    tfw nobody tries to hack Greenland and Madagascar.
  3. #3
    Sophie Pedophile Tech Support
        tfw nobody tries to hack Greenland and Madagascar.

    Yeah lol, most targeted seems as usual the USA.
  4. #4
    oatking Yung Blood
    How do you get infected? I know on Windows you can just get infected by a drive-by when visiting some porn site, but how would this work on Linux? Only way I can imagine is by infecting some package repository (like transmission a few days ago?) or by having a user pipe wget into sudo shell or something.

    That said, it's pretty fucking cool to have cross-platform malware. I wonder if the extra work required to do that has paid off for its creators.
  5. #5
    Sophie Pedophile Tech Support
    Me 5 minutes ago.

    sudo apt-get update

        How do you get infected? I know on Windows you can just get infected by a drive-by when visiting some porn site, but how would this work on Linux? Only way I can imagine is by infecting some package repository (like transmission a few days ago?) or by having a user pipe wget into sudo shell or something.

    Most likely one form of social engineering or another I'd say.

        That said, it's pretty fucking cool to have cross-platform malware. I wonder if the extra work required to do that has paid off for its creators.

    I would be willing to wager it has. The general business model of blackhat malware writers is, as I understand it, build malware with cool features, sell to the highest bidder. Not only do they outsource culpability, they make a pretty penny in the process.
  6. #6
    oatking Yung Blood
        Me 5 minutes ago.

        <snip snip>

        Most likely one form of social engineering or another I'd say.

    Damn it, you're right.

    Another idea here is to push something like this into an npm module and trick the user into installing it with sudo. Not a single nodejs/php developer knows shit, so they'd be happy to do it. A while ago there was an article about how easy it is to either take over abandoned npm repos or just create new ones with subtle typos to trick users into installing shit. Then, all you gotta do is get the script to collect ssh keys and enjoy access to hundreds of VPSes.
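A defender-side check for the npm typosquatting vector discussed in #4 and #6, added here as an example that is not from the thread: it scans a package.json for dependency names that are one edit away from a well-known package name. The popular-package list and the sample manifest are constructed assumptions, not registry data.

```python
# Added example (not from the thread): flag dependency names that are a
# one-character edit away from a well-known package, the typosquatting
# pattern discussed above. POPULAR_PACKAGES is a constructed sample; a
# real check would compare against the registry's most-downloaded names.
import json

POPULAR_PACKAGES = {"express", "lodash", "request", "chalk", "commander", "debug"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using the standard dynamic-programming row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def suspicious_dependencies(package_json: str, popular=POPULAR_PACKAGES, max_edits=1):
    """Return [(dep, lookalike)] for deps close to, but not equal to, a popular name."""
    manifest = json.loads(package_json)
    deps = {}
    for section in ("dependencies", "devDependencies"):
        deps.update(manifest.get(section, {}))
    findings = []
    for name in sorted(deps):
        if name in popular:          # exact match is the real package
            continue
        for known in sorted(popular):
            if edit_distance(name, known) <= max_edits:
                findings.append((name, known))
                break
    return findings


# Constructed sample manifest: two legitimate deps and two lookalikes.
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "demo-app",
    "dependencies": {"express": "^4.0.0", "requst": "1.0.0"},
    "devDependencies": {"chalk": "^2.0.0", "comander": "0.0.1"},
})

if __name__ == "__main__":
    for dep, lookalike in suspicious_dependencies(SAMPLE_PACKAGE_JSON):
        print(f"{dep!r} looks like {lookalike!r}: verify before installing")
```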
  7. #7
    rona Yung Blood
    There are many malware tools available in the market, and most of them can be used to deal with malware. However, not every tool can detect and remove all types of malware threats. Hence, sometimes you need to install different tools on your PC. Below I will list several tools that I find useful in dealing with malware.

    - CCleaner - CCleaner 5.21.5700 - Useful tool for cleaning out all the crap that has built up on your computer from general use. This helps to decrease the amount of files that are scanned and can greatly speed up scanning.

    - Malwarebytes Anti-Malware - http://www.malwaretips.org/malwarebytes.php - One of the best removal tools out there right now.

    - SuperAntiSpyware - SuperAntiSpyware 6.0.1224 - Another great removal tool

    - SuperAntiSpyware Portable Scanner! - SUPERAntiSpyware - SUPERAntiSpyware Portable Scanner - This is the same SAS scanner and removal engine in a portable form factor that does not require installation on the infected system. Haven't had a chance to use this in the wild yet but looks promising.

    - Spybot Search & Destroy - http://www.filehippo.com/download_sp...earch_destroy/ - Yet another good removal tool. Also useful for "inoculating" your web browsers against future attacks. New version seems to be able to clean temp files that CCleaner sometimes misses and some malware that Malwarebytes missed the last time I used it.

    - ComboFix - ComboFix | freeware - This is a great tool for cleaning up a system that is messed up to the point you can't run MBAM or anything else. After running this you should still run the other tools to clean up the left-overs.

    - RootRepeal - rootrepeal - Rootkit removal tool. Run this when you can't get any other tool to run or install.

    - TDSSKiller - http://support.kaspersky.com/faq/?qid=208283363 - Rootkit removal tool from Kaspersky. Pretty snazzy if you ask me.

    - Avira AntiVir Personal - Avira Free Antivirus 15.0.19.164 - Really good free anti-virus application. Has a somewhat annoying ad that pops up reminding you of all the fantastic other stuff you get if you would just buy it already. I've found this confuses and scares less savvy users that think it may be one of those fake-AV trojans.

    - SpyHunter - http://guides.uufix.com/Spyhunter_Download.php - A powerful anti-malware program that can deal with different types of malware including Trojans, worms, viruses, browser hijackers, adware and PUPs.

    - Microsoft Security Essentials - Windows | Official Site For Microsoft Windows 10 OS, Laptops, PCs, Tablets & More - Microsoft's free Anti-Virus/Anti-Malware program. Has gotten great reviews and I've been using it on systems instead of Avira. Doesn't catch everything but neither does Symantec, McAfee, Sophos, ESET, Avira, Avast, Panda, Trend, etc . . .

    - Avira AntiVir System Rescue CD - Free Downloads of Avira Antivirus Software & Utilities - Linux boot CD that has Avira AntiVir anti-virus/anti-malware software with the latest definitions preloaded. Download and burn to a CD and boot your computer from it to do some scanning and removing action.
