Researchers have warned that hackers are putting a new spin on an old injection techniques and successfully end-running endpoint protection. They are tracking a campaign, that kicked off in January, that is still going strong exploiting weaknesses in web browsers. The objective is to hide in the background of infected systems in order to steal user passwords, track online habits and hijack personal information, according to a Cisco report.
Cisco Talos said the wave of ongoing campaigns use custom long -used droppers to plant information-hijacking malware such as Agent Tesla & Loki-Bot into common application processes.
“The adversaries use custom droppers, which inject the final malware into common processes on the victim machine,” said a researcher about the new finding. “Once infected, the malware can steal information from many popular pieces of software, including the Google Chrome, Safari and Firefox web browsers.”
The dropper campaigns researchers observed work in several stages that use “obfuscation chains” to elude modern AV protections.
If the file is opened, it goes through several more processes to elude detection, including decryption just before runtime, and never on the hard-drive, Unterbrink wrote. In this way, it can inject a dropper onto a victim’s machine, such as AgentTesla, that is capable of stealing credentials from most browsers, email clients, SSH/SFTP/FTP clients and other software, he said.
This incident is just one of the many major Cyber threats that have been uncovered in this year & once again stresses the need for organizations to shift their emphasis to being reactionary towards being proactive towards the cybersecurity so as to defend against all emerging cyber threats.
Technology dependency in Business are growing, so is the risk. We come across SOS situation every now and then due to Cyber Crime.
Infopercept SOS model is like vaccine which immunize against threat at various levels
H-1209, Titanium City Center,
Anand Nagar Road, Satellite Road,
Ahmedabad – 380 015