Bezbedan Balkan
Hijack Software Updates to Implant Spyware - Printable Version




Hijack Software Updates to Implant Spyware - 1van - 02-09-2024

Quote: ESET speculates that the attackers "are deploying a network implant in the networks of the victims, possibly on vulnerable network appliances such as routers or gateways."

Quote: "The fact that we found no indications of traffic redirection via DNS might indicate that when the hypothesized network implant intercepts unencrypted HTTP traffic related to updates, it replies with the NSPX30 implant's dropper in the form of a DLL, an executable file, or a ZIP archive containing the DLL."

Quote: The backdoor is downloaded via an HTTP request to Baidu's website www.baidu[.]com, a legitimate Chinese search engine, with an unusual User-Agent string that masquerades the request as originating from the Internet Explorer browser on Windows 98.

Details: https://thehackernews.com/2024/01/china-backed-hackers-hijack-software.html
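
A defender-side check for the two network indicators quoted above, added here as an example that is not part of the original post or of ESET's report: it flags requests to www.baidu.com that carry a Windows 98-era User-Agent, and DLL/EXE/ZIP downloads fetched over plain HTTP. The log layout, the `update.example.test` host and the sample User-Agent values are constructed assumptions.

```python
import csv
import io
import re

# Constructed proxy-log sample (not real traffic). Assumed column layout:
# time, client, scheme, host, path, user agent
SAMPLE_LOG = """\
2024-02-09T10:00:01,10.0.0.5,https,www.baidu.com,/,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/121.0"
2024-02-09T10:00:07,10.0.0.8,http,www.baidu.com,/,"Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)"
2024-02-09T10:01:12,10.0.0.8,http,update.example.test,/client/patch.zip,"UpdaterClient/2.1"
2024-02-09T10:02:30,10.0.0.9,https,update.example.test,/client/patch.zip,"UpdaterClient/2.1"
"""

FIELDS = ["time", "client", "scheme", "host", "path", "ua"]
# Tokens that browsers of that era used to announce Windows 98
LEGACY_UA = re.compile(r"\b(Windows 98|Win98)\b", re.I)
# File types the quoted report names for the dropper
BINARY_EXT = (".dll", ".exe", ".zip")


def findings(log_text):
    """Return (time, client, rule) tuples for rows worth an analyst's look."""
    hits = []
    for row in csv.DictReader(io.StringIO(log_text), fieldnames=FIELDS):
        host = row["host"].lower().rstrip(".")
        path = row["path"].lower().split("?")[0]
        # Rule 1: a Windows 98-era browser string on a request to www.baidu.com
        if host == "www.baidu.com" and LEGACY_UA.search(row["ua"]):
            hits.append((row["time"], row["client"], "legacy-ua-to-baidu"))
        # Rule 2: DLL/EXE/ZIP fetched over plain HTTP, i.e. unencrypted
        # update traffic that an on-path device could answer in place of the server
        if row["scheme"] == "http" and path.endswith(BINARY_EXT):
            hits.append((row["time"], row["client"], "binary-over-plain-http"))
    return hits


if __name__ == "__main__":
    for hit in findings(SAMPLE_LOG):
        print(*hit)
```

Rule 2 is a hygiene signal rather than proof of compromise: it lists the clients whose updaters still pull binaries without TLS and are therefore exposed to this kind of interception.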


RE: Hijack Software Updates to Implant Spyware - SonjaS - 02-12-2024

This is really nicely explained. Thanks, Ivan. :)