Unusual file-infecting malware steals FTP credentials - lenoxnembee
A new version of a file-infecting malware program that's beingness distributed through private road-by download attacks is also open of stealing FTP (File Transfer Communications protocol) credentials, according to security researchers from antivirus firm Veer Micro.
The newly discovered variation is part of the PE_EXPIRO family of file infectors that was identified in 2010, the Slew Micro researchers said Mon in a web log post. However, this version's information larceny routine is unusual for this type of malware.
The new threat is diffused aside luring users to catty websites that host Java and PDF exploits as part of an tap toolkit. If visitors' browser plug-ins are non aweigh to date, the malware will exist installed on their computers.
The Java exploits are for the CVE-2012-1723 and CVE-2013-1493 remote code execution vulnerabilities that were patched by Oracle in June 2012 and March 2022 respectively.
Supported on information shared past Trend Small via email, a spike in infections with this spic-and-span EXPIRO variant was canned along July 11. "About 70 percent of total infections are within the United States," the researchers said in the blog post.
Once the recent EXPIRO random variable runs on a system, it searches for .EXE files on all local, removable and networked drives, and adds its vindictive write in code to them. In addition, it collects information about the scheme and its users, including Windows log-in credential, and steals FTP certificate from a popular open-source FTP client named FileZilla.
The stolen information is stored in a file with a .DLL extension and is uploaded to the malware's command and control servers.
"The compounding of threats used is extremely antic and suggests that this attack was not an ready-to-wear attack that used readily uncommitted cybercrime tools," the Trend Micro researchers said.
The thievery of FTP credentials suggests that the attackers are either trying to compromise websites or are hard to bargain data from organizations that is stored on FTP servers. However, information technology doesn't appear that this threat is targeting any industry in particular, the Trend Little researchers said via email.
Source: https://www.pcworld.com/article/452876/unusual-fileinfecting-malware-steals-ftp-credentials-researchers-say.html
Posted by: lenoxnembee.blogspot.com
0 Response to "Unusual file-infecting malware steals FTP credentials - lenoxnembee"
Post a Comment