deceptive tactics Archives

Tech Optimizer

February 8, 2025

New Attack Technique to Bypassing EDR as Low Privileged Standard User

A new cyberattack technique allows attackers to bypass Endpoint Detection and Response (EDR) systems while using low-privileged standard user accounts. This method utilizes masquerading and path obfuscation to disguise malicious payloads as legitimate processes, misleading detection systems and analysts. Process creation events are crucial for identifying threats, with tools like Sysmon logging detailed information about process execution. Attackers can manipulate file paths to evade restrictions on placing payloads in protected directories. They create folders that mimic legitimate antivirus software paths using Unicode characters to resemble spaces. For example, a folder may be named C:Program[U+2000]Files, allowing the attacker to introduce their payload (SuperJuicy.exe) without raising alarms. The execution of the payload results in logs that appear legitimate, complicating detection efforts. This technique poses challenges for EDR systems, including confusion in log analysis, deceptive attribution to legitimate software, and prolonged dwell time for malicious payloads. Defensive strategies include enhanced logging rules to flag Unicode characters, adjusting log viewers to display these characters, and restricting folder creation permissions for standard users.

AppWizard

February 7, 2025

Google is ramping up Android security protection with new Android app safety tools

Google's Android Security and Privacy Team has partnered with Mandiant FLARE to enhance the capa open source binary analysis tool, which analyzes ARM ELF files used in Android malware. The integration of Gemini AI into this toolset aims to improve malware analysis and decision-making. A case study demonstrated the detection of an illegal gambling app disguised as a music app that used various anti-analysis techniques. By employing static analysis with capa, Google was able to identify and remove the app from the Google Play Store. New rules have been developed for capa to detect Android-specific malware behaviors, such as ptrace API calls and code downloading and decrypting methods. The incorporation of Gemini AI aids analysts by summarizing flagged functions and assessing risk levels, thereby accelerating malware detection and rule formulation.

Winsage

February 7, 2025

Microsoft tries again with aggressive tactics against Google and Chrome, touting Edge’s “world-class performance” with a pop-up ad promo

Microsoft is intensifying efforts to promote Bing and Edge, encouraging users to stay loyal to Edge while searching for the Google Web Store via Bing. A pop-up message promotes Edge's advantages, contrasting with straightforward Google Search results that lack similar ads. Microsoft is also using its Bing Wallpaper app to recommend Bing as the default search engine and automatically adding the Bing extension to Chrome. The company has faced criticism for mimicking Google's interface, including replicating the Google Doodle, which Google Chrome lead Parisa Tabriz described as a "new low." Mozilla has raised concerns about Microsoft's misleading designs giving Edge an unfair advantage. Microsoft CEO Satya Nadella acknowledged that Google generates more revenue from Windows than Microsoft does.

Winsage

December 14, 2024

Microsoft’s AI Recall Tool Is Still Sucking Up Credit Card and Social Security Numbers

Luigi Mangione, 26, was charged with the murder of UnitedHealthcare CEO Brian Thompson and was apprehended in Altoona, Pennsylvania, after evading authorities. He was found with counterfeit identification and a 3D-printed firearm. The U.S. government indicted 14 North Korean nationals for fraudulent IT operations aimed at funding the country's nuclear ambitions, generating an estimated million while stealing sensitive information. Microsoft’s AI Recall Tool faced privacy concerns after capturing sensitive data, prompting the company to postpone its launch and enhance security measures. Cleo file-sharing software warned customers about a vulnerability exploited by cybercriminals using malware named Malichus. The U.S. government imposed sanctions on Chinese hackers accused of hijacking thousands of firewalls, targeting critical infrastructure, and offered a million bounty for information leading to their apprehension.

Tech Optimizer

December 4, 2024

How hackers are using corrupted Microsoft Office files to fool everyone

Corrupted Microsoft Office documents and ZIP files are being used in a phishing campaign that evades antivirus detection, as reported by cybersecurity firm ANY.RUN. This tactic, active since at least August 2024, involves corrupting files to bypass email security protocols while allowing harmful content recovery. The documents are designed to avoid detection by email filters and antivirus software, using QR codes to direct users to fake Microsoft account login pages. Analysis shows these attachments often do not trigger alerts on VirusTotal, as they exploit Microsoft Word and WinRAR's recovery features. This method is categorized as a potential zero-day exploit, aiming to deceive users into opening the files and activating the QR codes for credential harvesting or malware delivery. Security experts stress the importance of user awareness and training to identify phishing attempts, while organizations are enhancing email filtering to detect file corruption patterns. The rise of QR code phishing, or "quishing," adds complexity, as many users are unaware of the risks of scanning codes.

Winsage

November 8, 2024

Windows PCs targeted by new malware hitting a vulnerable driver

Researchers have identified a new threat campaign called SteelFox, which uses counterfeit software activators and cracks to infiltrate Windows systems. The campaign deploys a vulnerable driver, information-stealing malware, and a cryptocurrency miner, compromising sensitive data and exploiting system resources for illicit mining. Victims are reported globally, including regions from Brazil to China, affecting users of commercial software like Foxit PDF Editor, JetBrains, and AutoCAD. Cybercriminals continue to advertise these fake software solutions, increasing the potential for further infections.

AppWizard

September 27, 2024

Teach cybersecurity with Microsoft and Minecraft Education | Microsoft Education Blog

Educators worldwide are utilizing Microsoft resources during Cybersecurity Awareness Month 2024 to enhance their understanding of cybersecurity and teach students about online safety. The theme for this October is “Secure Our World,” with various resources available, including conversation starters and immersive experiences like Minecraft Education worlds. Key points for discussing phishing with students include avoiding unknown links, being cautious with QR codes, recognizing social engineering tactics, and identifying red flags in phishing messages. The Minecraft Education Cyber and Digital Citizenship collection offers age-appropriate lessons on cybersecurity, divided into four bands: CyberSafe (ages 7-11), Cyber Fundamentals (ages 10-14), Cyber Expert (ages 13-18), and Cyber Defense (ages 14-18, 18 and older). Microsoft also provides mentorship opportunities, scholarships for cybersecurity degrees, and free certification for eligible students. To improve their cybersecurity skills, educators can access training modules from Microsoft that cover common threats, best practices for protecting personal information, and strategies for teaching cybersecurity concepts. By participating in Cybersecurity Awareness Month, educators aim to empower students to become informed and responsible digital citizens.

Winsage

September 21, 2024

New Microsoft Windows Warning—You Must Never Do This On Your PC

A global cyber attack is targeting Windows users, particularly those on Windows 10, as they approach a period without security updates. The campaign involves fraudulent CAPTCHA popups designed to distribute Lumma Stealer malware. Users are tricked into clicking buttons that prompt them to paste a PowerShell script, which then executes a malicious EXE file. McAfee researchers have issued an alert about these deceptive tactics, which target individuals downloading pirated games and software developers through phishing emails. The ClickFix infection chain exploits common user behaviors, leading to the installation of malware. Users are advised to be cautious and avoid executing commands from within CAPTCHAs. As Windows 10 support ends in October 2024, users may need to consider upgrading to Windows 11 for continued security.

AppWizard

August 17, 2024

BEWARE: New Scam Involving Facebook Video Calls from Your Friends

The author received a video call from a friend, Andy Johnson, who was using a suspicious phone number. The call was silent and ended in frustration. Afterward, the author learned from another friend that Andy's Facebook had been hacked, confirming that the call was a sophisticated impersonation. This type of scam has been reported previously, and many of Andy's friends had experienced similar communications. The incident underscores the need for vigilance against convincing scams.

Winsage

August 16, 2024

Windows users hit by all-new advanced malware campaign

Criminal enterprises are targeting Chinese businesses using a Remote Access Trojan (RAT) called ValleyRAT, which can take control of infected Windows endpoints. Researchers at FortiGuard identified this malware, which poses a threat to sectors like ecommerce, finance, sales, and management. The initial breach often occurs through phishing tactics, with attackers distributing loaders disguised as Microsoft Office files. Once inside a system, ValleyRAT uses a multi-stage approach to execute components in memory, making detection difficult. The malware can monitor activities and deploy plugins based on the attackers' goals. The group behind these attacks is known as "Silver Fox," which has previously targeted Chinese organizations. In spring 2023, Weibu Online reported efforts to track Silver Fox, which used SEO poisoning to enhance the visibility of their phishing sites. While the origins of Silver Fox are unclear, some experts suggest they may be of Chinese descent. Businesses are advised to keep antivirus systems updated and educate employees about phishing risks to mitigate breaches.