AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 1/5/2022

Malicious Telegram Installer Drops Purple Fox Rootkit

We have often observed threat actors using legitimate software for dropping malicious files. This time, however, is different. This threat actor was able to leave most parts of the attack under the radar by separating the attack into several small files, most of which had very low detection rates by AV engines, with the final stage leading to Purple Fox rootkit infection. Thanks to the MalwareHunterTeam, we were able to dig deeper into the malicious Telegram Installer. This installer is a compiled AutoIt (a freeware BASIC-like scripting language designed for automating Windows GUI and general scripting) script called “Telegram Desktop.exe”. This AutoIt script is the first stage of the attack, which creates a new folder named “TextInputh” under C:\Users\Username\AppData\Local\Temp\ and drops a legitimate Telegram installer (which is not even executed) and a malicious downloader (TextInputh.exe).
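The staging behaviour described above (a folder named TextInputh created under the user's Temp directory, followed by executables dropped into it) is concrete enough to hunt for in file-creation telemetry. The following is an added example written for this post, not code from the original article or from Minerva Labs; it assumes a constructed event shape modelled on a Sysmon Event ID 11 record (image plus target path) and constructed sample paths. The user name, the Chrome and Explorer events and the file name used for the bundled legitimate installer are placeholders.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Staging path reported for the dropper: <profile>\AppData\Local\Temp\TextInputh.
# Windows paths are case-insensitive, so the pattern is compiled that way. The
# optional "child" group captures anything created beneath the folder.
STAGING_DIR = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\textinputh(?:\\(?P<child>.+))?$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class FileEvent:
    """Constructed file-creation record, shaped like a Sysmon Event ID 11 entry."""

    image: str   # process that created the object
    target: str  # full path of the created file or directory


def assess(event: FileEvent) -> Optional[Tuple[str, str]]:
    """Return (severity, reason) when an event matches the dropper's staging behaviour."""
    match = STAGING_DIR.match(event.target)
    if not match:
        return None
    child = match.group("child")
    if child is None:
        return ("medium", f"TextInputh staging folder created by {event.image}")
    basename = child.rsplit("\\", 1)[-1]
    if basename.lower().endswith(".exe"):
        # The article names the stage-two downloader TextInputh.exe; any other
        # executable landing here (the decoy installer, for instance) still
        # deserves collection and analysis.
        severity = "high" if basename.lower() == "textinputh.exe" else "medium"
        return (severity, f"executable {basename} written to staging folder by {event.image}")
    return ("low", f"file {basename} written to staging folder by {event.image}")


def hunt(events: List[FileEvent]) -> List[Tuple[str, str, str]]:
    """Run assess() over a batch and return (target, severity, reason) triples."""
    results = []
    for event in events:
        verdict = assess(event)
        if verdict:
            results.append((event.target, verdict[0], verdict[1]))
    return results


# Constructed sample telemetry: the first three rows mimic the dropper's behaviour,
# the last two are benign noise that must not trigger.
SAMPLE_EVENTS = [
    FileEvent(r"C:\Users\alice\Downloads\Telegram Desktop.exe",
              r"C:\Users\alice\AppData\Local\Temp\TextInputh"),
    FileEvent(r"C:\Users\alice\Downloads\Telegram Desktop.exe",
              r"C:\Users\alice\AppData\Local\Temp\TextInputh\TextInputh.exe"),
    FileEvent(r"C:\Users\alice\Downloads\Telegram Desktop.exe",
              r"C:\Users\alice\AppData\Local\Temp\TextInputh\legit-installer-placeholder.exe"),
    FileEvent(r"C:\Program Files\Google\Chrome\Application\chrome.exe",
              r"C:\Users\alice\AppData\Local\Temp\chrome_installer.log"),
    FileEvent(r"C:\Windows\explorer.exe",
              r"C:\Users\alice\Documents\TextInputh\notes.exe"),
]

if __name__ == "__main__":
    for target, severity, reason in hunt(SAMPLE_EVENTS):
        print(f"[{severity}] {target}: {reason}")
```

The folder name is the cheap indicator; the more durable signal is the shape of the activity (a user-launched installer writing a second executable into a fresh Temp subfolder and then executing it), so a production rule would pair this file-creation match with the subsequent process-creation event for the dropped binary.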


Recorded Future acquires internet inventory startup SecurityTrails for $65M

Threat intelligence giant Recorded Future announced Tuesday that it has acquired SecurityTrails, an internet inventory startup that collects and banks current and historical domain and IP address data, for $65 million. Financial terms of the deal were not immediately disclosed. A spokesperson for Recorded Future confirmed the acquisition price. SecurityTrails collects and maintains vast amounts of current and historical internet records, such as domain name records, registration data and DNS information, giving organizations visibility into what their threat attack surface is — that is, the networks and servers that are accessible from the wider internet.


How Addictive Social Media Algorithms Could Finally Face a Reckoning in 2022

In the face of claims that they prioritize profits over people, Facebook and Instagram are under mounting pressure to reform the ways in which their platforms are built to be addictive for users. Experts say this increased scrutiny could signal that the social media industry’s current business model is due for a significant disruption. Often compared to Big Tobacco for the ways in which their products are addictive and profitable but ultimately unhealthy for users, social media’s biggest players are facing growing calls for both accountability and regulatory action. In order to make money, these platforms’ algorithms effectively function to keep users engaged and scrolling through content, and by extension advertisements, for as long as possible.


John Deere’s Self-Driving Tractor Stirs Debate on AI in Farming

DEERE & CO. helped mechanize agriculture in 1837 with the first commercially successful steel plow. On Tuesday, the company unveiled a machine that could prove just as transformative: a fully autonomous tractor. John Deere’s new 8R tractor uses six pairs of stereo cameras and advanced artificial intelligence to perceive its environment and navigate. It can find its way to a field on its own when given a route and coordinates, then plow the soil or sow seeds without instructions, avoiding obstacles as it goes. A farmer can give the machine new orders using a smartphone app. Some tractors already operate autonomously but only in limited situations—following a route defined by GPS, for example, without the ability to navigate around obstacles. Others feature limited autonomy that still requires a farmer to sit behind the wheel. “It’s a monumental shift,” says Jahmy Hindman, Deere’s chief technology officer, of the new machine, revealed at the 2022 Consumer Electronics Show in Las Vegas. “I think it’s every bit as big as the transition from horse to tractor.”


Hackers Target Real Estate Websites with Skimmer in Latest Supply Chain Attack

Threat actors leveraged a cloud video hosting service to carry out a supply chain attack on more than 100 real estate websites operated by Sotheby’s Realty that involved injecting malicious skimmers to steal sensitive personal information. “The attacker injected the skimmer JavaScript codes into video, so whenever others import the video, their websites get embedded with skimmer codes as well,” Palo Alto Networks’ Unit 42 researchers said in a report published this week. Skimmer attacks, also called formjacking, are a type of cyber attack wherein bad actors insert malicious JavaScript code into the target website, most often into checkout or payment pages on shopping and e-commerce portals, to harvest valuable information such as credit card details entered by users.
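Because the skimmer rode in on a third-party video embed, the defensive check is to audit what the embed actually carries: a player snippet should reference script only from the hosting provider, and should not contain inline script at all. The following is an added example written for this post, not code from Unit 42 or from the original article. It assumes a constructed allow-list host (cdn.video-host.example), a constructed embed fragment, and a small set of indicator strings; the inline "payload" in the sample is a harmless placeholder that decodes to a variable assignment.

```python
from html.parser import HTMLParser
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Hosts the video player is expected to load script from (constructed allow-list).
ALLOWED_SCRIPT_HOSTS = {"cdn.video-host.example"}

# Coarse indicators of eval-style or obfuscated loading that have no business in
# a player snippet. They are triage hints, not proof of malice.
INLINE_INDICATORS = ("eval(", "String.fromCharCode", "unescape(", "atob(", "document.write(")


class ScriptCollector(HTMLParser):
    """Collect every <script> element (src attribute and inline body) from a fragment."""

    def __init__(self) -> None:
        super().__init__()
        self.scripts: List[Tuple[Optional[str], str]] = []
        self._src: Optional[str] = None
        self._body: Optional[List[str]] = None

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._src = dict(attrs).get("src")
            self._body = []

    def handle_data(self, data):
        if self._body is not None:
            self._body.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._body is not None:
            self.scripts.append((self._src, "".join(self._body)))
            self._src, self._body = None, None


def audit_embed(fragment: str) -> List[Tuple[str, str]]:
    """Return (finding, detail) pairs for scripts a video embed should not carry."""
    collector = ScriptCollector()
    collector.feed(fragment)
    collector.close()
    findings = []
    for src, body in collector.scripts:
        if src:
            host = urlparse(src).hostname or ""
            if host not in ALLOWED_SCRIPT_HOSTS:
                findings.append(("unexpected-script-origin", src))
        else:
            # Any inline script is reportable; list which indicators it tripped.
            hits = [i for i in INLINE_INDICATORS if i in body]
            findings.append(("inline-script-in-embed", ", ".join(hits) or "no indicator hits"))
    return findings


# Constructed embed fragment: one legitimate player script, one script from an
# unexpected origin, and one inline block. The charcode sequence decodes to "var a=1".
SAMPLE_EMBED = """<div class="player">
  <video controls poster="https://cdn.video-host.example/poster.jpg">
    <source src="https://cdn.video-host.example/v/1234.mp4" type="video/mp4">
  </video>
  <script src="https://cdn.video-host.example/player.js"></script>
  <script src="https://static.collector.invalid/t.js"></script>
  <script>/* constructed placeholder for an obfuscated payload */
  eval(String.fromCharCode(118,97,114,32,97,61,49));</script>
</div>"""

if __name__ == "__main__":
    for finding, detail in audit_embed(SAMPLE_EMBED):
        print(f"{finding}: {detail}")
```

Run this against the fragment as it is actually served by the hosting platform, not the copy pasted into your CMS at integration time: the report describes the injection happening on the provider's side, so the snippet that was clean when first embedded is not the one your visitors receive. A Content Security Policy that restricts script-src to the expected hosts provides the runtime equivalent of the allow-list check.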


FTC: Patch Log4j Now or Risk Major Fines

The Federal Trade Commission (FTC) has urged US organizations to patch the recently discovered Log4Shell vulnerability or risk facing punitive action from the agency. The consumer protection agency said that the original CVE-2021-44228 bug found in the Java logging utility late last year is being widely exploited in the wild and poses “a severe risk to millions of consumer products,” including enterprise software and web applications. “When vulnerabilities are discovered and exploited, it risks a loss or breach of personal information, financial loss and other irreversible harms,” it continued. “The duty to take reasonable steps to mitigate known software vulnerabilities implicates laws including, among others, the Federal Trade Commission Act and the Gramm-Leach-Bliley Act. It is critical that companies and their vendors relying on Log4j act now, in order to reduce the likelihood of harm to consumers, and to avoid FTC legal action.”
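Acting on the FTC's notice starts with knowing where log4j-core actually lives, including copies bundled inside WAR and fat JAR files. The following is an added example written for this post, not code from the FTC or the Log4j project. It reads two real artefacts that log4j-core ships: the Maven pom.properties file (for the version string) and the JndiLookup class whose removal was the published mitigation for CVE-2021-44228. The sample archives are constructed in memory so the script runs offline; the fixed-version floor is set to 2.15.0 (the first mainline release fixing CVE-2021-44228) and is a parameter, since later advisories for follow-on CVEs raised the recommended version and 2.12.x/2.3.x backport branches exist for older Java runtimes.

```python
import io
import re
import zipfile
from typing import Dict, List, Optional, Tuple

# log4j-core records its Maven coordinates here; the "version=" line is parsed.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
# Class behind the JNDI lookup abused by CVE-2021-44228. Its absence means it was
# removed (the published mitigation) or the archive is not log4j-core at all.
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# First mainline release fixing CVE-2021-44228; raise per your patch policy.
FIXED_FROM = (2, 15, 0)


def parse_version(pom_properties: str) -> Optional[Tuple[int, ...]]:
    """Extract a comparable version tuple from a pom.properties body."""
    match = re.search(r"^version=(\d+(?:\.\d+)*)", pom_properties, re.MULTILINE)
    return tuple(int(part) for part in match.group(1).split(".")) if match else None


def inspect_jar(data: bytes, location: str = "<root>") -> List[Dict]:
    """Return one finding per log4j-core occurrence, descending into nested jars."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        names = set(archive.namelist())
        version = None
        if POM_PROPS in names:
            version = parse_version(archive.read(POM_PROPS).decode("utf-8", "replace"))
        has_jndi = JNDI_LOOKUP in names
        if version is not None or has_jndi:
            findings.append({
                "location": location,
                "version": ".".join(map(str, version)) if version else None,
                "jndi_lookup_present": has_jndi,
                # Conservative: an unknown version with the class present is treated
                # as affected; a removed class is treated as mitigated for this CVE.
                "affected": has_jndi and (version is None or version < FIXED_FROM),
            })
        # WARs and fat jars embed further jars; recurse so bundled copies are found.
        for entry in sorted(names):
            if entry.lower().endswith(".jar"):
                findings.extend(inspect_jar(archive.read(entry), f"{location}!{entry}"))
    return findings


def build_sample_jar(version: str, include_jndi: bool) -> bytes:
    """Construct a minimal stand-in for log4j-core-<version>.jar (test data only)."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr(POM_PROPS, f"groupId=org.apache.logging.log4j\nartifactId=log4j-core\nversion={version}\n")
        if include_jndi:
            archive.writestr(JNDI_LOOKUP, b"\xca\xfe\xba\xbe")  # class-file magic only
    return buffer.getvalue()


def build_sample_war() -> bytes:
    """Construct a WAR that bundles an old log4j-core under WEB-INF/lib (test data only)."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("WEB-INF/web.xml", "<web-app/>")
        archive.writestr("WEB-INF/lib/log4j-core-2.14.1.jar", build_sample_jar("2.14.1", True))
    return buffer.getvalue()


if __name__ == "__main__":
    for finding in inspect_jar(build_sample_war(), "app.war"):
        print(finding)
```

Pointing inspect_jar at every archive on a host gives an inventory rather than a verdict: a log4j-core below the floor with JndiLookup removed is mitigated for CVE-2021-44228 but still flagged here by version so it can be scheduled for a proper upgrade, and an archive with no pom.properties at all (a shaded or repackaged copy) produces a finding only if the class is present, which is exactly the case most worth a manual look.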
