The Kodi media player has emerged as a malware distribution platform for cybercriminals, recently becoming the target for a cryptomining campaign that compromised about 5,000 machines before being thwarted. Those victims are still at risk, researchers warned.

Kodi is free and open-source, and can be used to play videos, music, podcasts and other digital media files from local and network storage media and the internet/streaming sources. Users also can extend the software’s functionality by installing add-ons, found both in the official Kodi repository and in various third-party repositories. By targeting the various add-ons and relying on Kodi’s auto-update feature, it’s possible to stealthily spread bad code throughout the ecosystem.

Researchers from ESET said that malware can spread through Kodi in three different ways. They could add the URL of a malicious repository to their Kodi installation, which would download add-ons whenever they update their Kodi installations, or they could install a ready-made Kodi build that includes the URL of a malicious repository. Thirdly, users could install a ready-made Kodi build that contains a malicious add-on but no link to a repository for updates. In this latter case, victims would be initially compromised and the malware would persist, though it would receive no further updates to the malicious add-on.

“Cybercriminals are increasingly abusing add-ons and scripting functionalities in response to the tightening of security measures for operating systems,” IBM researchers noted in a posting last week. “The industry recently witnessed this trend in the form of bad actors leveraging Visual Basic for Applications (VBA) macros to spread malware.”

In 2016, IBM Managed Security Services observed an attack campaign using VBA macros to deliver Locky ransomware. Last year, Fortinet researchers observed two attacks where threat actors leveraged VBA macros embedded in Excel attachments to spread Dyzap malware and a variant of Strictor ransomware.

In the recently observed campaign, the payload ran on Windows and Linux, and had a multi-stage architecture to ensure that the cryptominer couldn’t be easily traced back to the malicious add-on.
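
A defender-side check for the first two routes ESET describes, as an added example that is not part of the original article: it reads the `addon.xml` manifest of each installed add-on, collects the update URLs declared by repository add-ons, and reports any whose host is not on an allowlist. The allowlist, the sample manifests and the function names are assumptions made for illustration; the third route (a bundled add-on with no repository link) leaves no repository entry and is not covered by this check.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path
from urllib.parse import urlparse

TRUSTED_HOSTS = {"mirrors.kodi.tv"}     # assumption: hosts this operator trusts
REPO_POINT = "xbmc.addon.repository"    # extension point declared by repository add-ons
URL_TAGS = ("info", "checksum", "datadir")

def audit_addons(addons_dir, trusted=TRUSTED_HOSTS):
    """Return [(addon_id, url)] for repository URLs whose host is not trusted."""
    findings = []
    for manifest in sorted(Path(addons_dir).glob("*/addon.xml")):
        try:
            root = ET.parse(manifest).getroot()
        except ET.ParseError:
            # A manifest that cannot be read cannot be vouched for either.
            findings.append((manifest.parent.name, "<unparseable addon.xml>"))
            continue
        addon_id = root.get("id", manifest.parent.name)
        for ext in root.iter("extension"):
            if ext.get("point") != REPO_POINT:
                continue
            for el in ext.iter():       # covers URLs with or without a <dir> wrapper
                url = (el.text or "").strip()
                if el.tag in URL_TAGS and url:
                    host = urlparse(url).hostname or ""
                    if host not in trusted:   # exact match, so look-alike hosts fail
                        findings.append((addon_id, url))
    return findings

# Constructed manifests, not taken from any real add-on.
SAMPLES = {
    "repository.trusted": '<addon id="repository.trusted"><extension point="xbmc.addon.repository">'
        '<dir><info>https://mirrors.kodi.tv/addons/addons.xml.gz</info></dir></extension></addon>',
    "repository.unknown": '<addon id="repository.unknown"><extension point="xbmc.addon.repository">'
        '<info>http://repo.example.invalid/addons.xml</info>'
        '<datadir>http://repo.example.invalid/zips/</datadir></extension></addon>',
    "plugin.video.sample": '<addon id="plugin.video.sample">'
        '<extension point="xbmc.python.pluginsource"/></addon>',
}

def run_demo(samples=SAMPLES, trusted=TRUSTED_HOSTS):
    """Write the constructed manifests to a temp directory and audit them."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, xml in samples.items():
            Path(tmp, name).mkdir()
            Path(tmp, name, "addon.xml").write_text(xml, encoding="utf-8")
        return audit_addons(tmp, trusted)

if __name__ == "__main__":
    for addon_id, url in run_demo():
        print(f"untrusted repository URL in {addon_id}: {url}")
```

On a real system, point `audit_addons` at the Kodi add-ons directory (typically `~/.kodi/addons` on Linux or `%APPDATA%\Kodi\addons` on Windows).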