Universal Plug 'n' Pwn! Pinkslipbot malware exploits UPnP to help it steal credentials
A variant of Pinkslipbot is the first known malware to conduct attack campaigns using infected devices as HTTPS-based control servers.
The Pinkslipbot malware has been around since 2007. It comes equipped with keyloggers and other credential stealers to make off with U.S. users' financial information. In fact, it steals over half a million user records each day.
To perpetrate this scale of data theft, Pinkslipbot, otherwise known as the Active Directory lockout-producing QakBot trojan, relies on a botnet of 500,000 infected machines. Each newly infected bot indirectly receives instructions from the malware's real command-and-control (C&C). Two layers of defenses - infected machines serving as HTTPS proxies and additional HTTPS proxies - funnel these commands down to bots, likely in an effort to conceal the real C&C servers' IP addresses.
https://www.grahamcluley.com/universal-plug-n-pwn-pinkslipbot-malware-exploits-upnp-help-steal-credentials/