BlackTech Threat Group Steals D-Link Certificates To Spread Backdoor Malware

Published on July 10, 2018 at 03:20PM
Security researchers have discovered a new malicious campaign that utilizes stolen D-Link certificates to sign malware. From a report: A lesser-known cyber-espionage group known as BlackTech was caught earlier this month using a stolen D-Link certificate to sign malware deployed in a recent campaign. "The exact same certificate had been used to sign [official] D-Link software; therefore, the certificate was likely stolen," says Anton Cherepanov, a security researcher for Slovak antivirus company ESET, and the one who discovered the stolen cert. Cherepanov says BlackTech operators used the stolen cert to sign two malware payloads -- the first is the PLEAD backdoor, while the second is a nondescript password stealer. According to a 2017 Trend Micro report, the BlackTech group has used the PLEAD malware in the past. Just like in previous attacks, the group's targets for these most recent attacks were again located in East Asia, particularly in Taiwan. The password stealer isn't anything special, being capable of extracting passwords from only four apps -- Internet Explorer, Google Chrome, Mozilla Firefox, and Microsoft Outlook.

Read more of this story at Slashdot.





Reviewed by Kartik on July 10, 2018
