Hackers infect users of antivirus service that delivered updates over HTTP
eScan AV updates were delivered over HTTP for five years.
The unknown hackers, who may have ties to the North Korean government, infected eScan users by performing a man-in-the-middle (MitM) attack that replaced the genuine update with a file that installed an advanced backdoor instead, researchers from security firm Avast said today. "This sophisticated operation has been performing MitM attacks targeting an update mechanism of the eScan antivirus vendor," Avast researchers Jan Rubín and Milánek wrote. Because the updates travelled over plain HTTP, the threat actors could intercept the package sent by the update server and replace it with a corrupted one that contained code to install GuptiMiner.
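The weakness described above is an update channel whose integrity depends on the transport alone: once the download is plaintext HTTP, an on-path attacker can swap the body. The simulation below is an added example, not eScan's or Avast's code, and assumes nothing about eScan's real update format; it models the download as a function an on-path attacker can tamper with, and shows that a client which verifies a vendor tag over the package rejects the substituted file regardless of transport. HMAC stands in for the asymmetric signature a real updater would verify with the vendor's shipped public key.

```python
import hashlib
import hmac
import secrets

# Constructed sample "update package" and a tampered substitute (not real eScan files).
GENUINE_PACKAGE = b"update v1.2.3: definitions + engine"
SUBSTITUTED_PACKAGE = b"update v1.2.3: definitions + engine + backdoor loader"

# Stand-in for the vendor's signing key. A real updater ships the vendor's public
# key and verifies an asymmetric signature; HMAC keeps this example stdlib-only.
VENDOR_KEY = secrets.token_bytes(32)


def sign_package(package: bytes, key: bytes = VENDOR_KEY) -> bytes:
    """Vendor side: tag the package bytes before publishing them."""
    return hmac.new(key, package, hashlib.sha256).digest()


def verify_package(package: bytes, tag: bytes, key: bytes = VENDOR_KEY) -> bool:
    """Client side: accept only a package whose tag verifies (constant-time compare)."""
    return hmac.compare_digest(sign_package(package, key), tag)


def fetch_over_http(package: bytes, tag: bytes, mitm: bool):
    """Simulated plaintext HTTP download. With mitm=True the on-path attacker
    swaps the body, as in the article; the tag is forwarded unchanged because
    the attacker cannot produce a valid one without the vendor key."""
    body = SUBSTITUTED_PACKAGE if mitm else package
    return body, tag


def run_update(mitm: bool, verify: bool) -> str:
    """Return what the client ended up installing, or 'rejected'."""
    tag = sign_package(GENUINE_PACKAGE)
    body, received_tag = fetch_over_http(GENUINE_PACKAGE, tag, mitm)
    if verify and not verify_package(body, received_tag):
        return "rejected"          # integrity check caught the substitution
    kind = "substituted" if body == SUBSTITUTED_PACKAGE else "genuine"
    return "installed:" + kind     # transport-only trust installs whatever arrived


if __name__ == "__main__":
    for mitm in (False, True):
        for verify in (False, True):
            print(f"mitm={mitm} verify={verify} -> {run_update(mitm, verify)}")
```

Moving the download to HTTPS narrows the on-path window but does not replace the package check: the verification step is what makes the installed bytes depend on the vendor key rather than on the network.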