
Attackers spread backdoor via eScan antivirus software update process


Avast discovered and analyzed GuptiMiner, a malware campaign hijacking an eScan antivirus update mechanism to distribute backdoors and coinminers.

On 2023-07-31, eScan confirmed that the issue was fixed and resolved.

The campaign was orchestrated by a threat actor with possible ties to Kimsuky.

Two different types of backdoors have been discovered, targeting large corporate networks.

The final payload distributed by GuptiMiner was also XMRig.

When the entry point of the PE file is executed by the shellcode from Stage 0, the malware first creates a scheduled task that attempts to clean up the initial infection by removing the updll62.dlz archive and the version.dll library from the system.

Note that the threshold for the number of returned bytes was different and significantly higher in later versions of GuptiMiner, as discussed in the dedicated section on the Modular Backdoor; as a result, only networks with more than 7000 computers joined to the same domain were compromised.
