A North Korean state-sponsored hacking group known as Lazarus is again trying to hack security researchers, this time with a trojanized pirated version of the popular IDA Pro reverse engineering application.
IDA Pro is an application that converts an executable into assembly language, allowing security researchers and programmers to analyze how a program works and discover potential bugs.
Security researchers commonly use IDA to analyze legitimate software for vulnerabilities and malware to determine what malicious behavior it performs.
However, as IDA Pro is an expensive application, some researchers download a pirated cracked version instead of purchasing it.
As with any pirated software, there is always the risk of it being tampered with to include malicious executables, which is precisely what ESET researcher Anton Cherepanov discovered in a pirated version of IDA Pro distributed by the Lazarus hacking group.
Today, ESET tweeted about a malicious version of IDA Pro 7.5 discovered by Cherepanov that is being distributed online to target security researchers.
This IDA installer has been modified to include two malicious DLLs named idahelp.dll and win_fw.dll that will be executed when the program is installed.
The win_fw.dll file will create a new task in the Windows Task Scheduler that launches the idahelper.dll program.
The idahelper.dll will then connect to the devguardmap[.]org site and download payloads believed to be the NukeSped remote access trojan. The installed RAT will allow the threat actors to gain access to the security researcher’s device to steal files, take screenshots, log keystrokes, or execute further commands.
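The installer behaviour described above leaves two artifacts a defender can look for: a scheduled task whose action points at one of the dropped DLLs, and DNS resolution of the command-and-control domain. The following is an added detection example, not code from the article or from ESET. It parses scheduled-task definitions in the XML format Windows stores under C:\Windows\System32\Tasks and scans DNS log lines; the task XML, the log lines, the task names and the timestamps are all constructed for this example, while the DLL names and the domain are the indicators quoted in the article.

```python
"""Added example: match scheduled-task definitions and DNS log lines against
the indicators named in the article. All sample inputs below are constructed."""
import re
import xml.etree.ElementTree as ET

# Indicators taken from the article text (both DLL spellings the article uses).
IOC_DLLS = {"idahelp.dll", "idahelper.dll", "win_fw.dll"}
IOC_DOMAIN = "devguardmap.org"

# Namespace used by Windows Task Scheduler XML definitions.
TASK_NS = "{http://schemas.microsoft.com/windows/2004/02/mit/task}"

# Constructed sample task definitions: one benign, one mimicking a task that
# launches idahelper.dll through rundll32 (task names are made up).
SAMPLE_TASKS = {
    "Microsoft\\Windows\\Example\\Benign": """<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Actions Context="Author">
    <Exec><Command>%windir%\\system32\\cleanmgr.exe</Command><Arguments>/autoclean</Arguments></Exec>
  </Actions>
</Task>""",
    "IDAHelperUpdate": """<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Actions Context="Author">
    <Exec><Command>rundll32.exe</Command>
    <Arguments>"C:\\Program Files\\IDA Pro 7.5\\idahelper.dll",DllMain</Arguments></Exec>
  </Actions>
</Task>""",
}

# Constructed DNS resolver log lines (format and addresses are made up).
SAMPLE_DNS_LOG = """\
2021-11-10T09:14:02Z client=10.0.0.12 query=update.microsoft.com type=A
2021-11-10T09:14:05Z client=10.0.0.12 query=devguardmap.org type=A
2021-11-10T09:14:07Z client=10.0.0.23 query=cdn.devguardmap.org type=A
2021-11-10T09:14:09Z client=10.0.0.23 query=notdevguardmap.org type=A
"""


def scan_task_xml(task_name, xml_text):
    """Return finding strings for one scheduled-task definition whose
    Exec action references one of the indicator DLLs as a whole filename."""
    findings = []
    root = ET.fromstring(xml_text)
    for exec_node in root.iter(TASK_NS + "Exec"):
        command = exec_node.findtext(TASK_NS + "Command") or ""
        arguments = exec_node.findtext(TASK_NS + "Arguments") or ""
        text = f"{command} {arguments}".lower()
        for dll in IOC_DLLS:
            # Require a path separator, whitespace or quote before the name so
            # that a longer filename containing the indicator is not matched.
            pattern = r"(^|[\\/\s\"'])" + re.escape(dll) + r"(\b|$)"
            if re.search(pattern, text):
                findings.append(
                    f"task '{task_name}' executes {dll}: {command} {arguments}".strip()
                )
    return findings


def scan_dns_log(log_text):
    """Return log lines that resolve the C2 domain or any of its subdomains.
    Look-alike names that merely end in the same string are not matched."""
    hits = []
    for line in log_text.splitlines():
        match = re.search(r"query=(\S+)", line)
        if not match:
            continue
        qname = match.group(1).lower().rstrip(".")
        if qname == IOC_DOMAIN or qname.endswith("." + IOC_DOMAIN):
            hits.append(line)
    return hits


def scan_all(tasks=SAMPLE_TASKS, dns_log=SAMPLE_DNS_LOG):
    """Run both scans and return the findings grouped by source."""
    task_findings = []
    for name, xml_text in tasks.items():
        task_findings.extend(scan_task_xml(name, xml_text))
    return {"tasks": task_findings, "dns": scan_dns_log(dns_log)}


if __name__ == "__main__":
    results = scan_all()
    for source, items in results.items():
        print(f"[{source}] {len(items)} finding(s)")
        for item in items:
            print("  ", item)
```

On a real host the task definitions would be read from the Tasks directory (or exported with schtasks) and the log lines from the resolver or EDR telemetry; the matching logic is the same. Matching the DLL as a whole filename and the domain as an exact or subdomain match keeps the check from firing on unrelated names that happen to contain the indicator as a substring.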
“Based on the domain and trojanized application, we attribute this malware to known Lazarus activity, previously reported by Google’s Threat Analysis Group and Microsoft,” ESET tweeted regarding the connection to Lazarus.
Cherepanov told BleepingComputer that while he does not know how the installer is being distributed, it was discovered recently and appears to have been distributed since Q1 2020.
The Lazarus hacking group, also known as Zinc by Microsoft, has a long history of targeting security researchers with backdoors and remote access trojans.
In January, Google disclosed that Lazarus conducted a social media campaign to create fake personas pretending to be vulnerability researchers.
Using these personas, the hacking group would contact other security researchers about potential collaboration in vulnerability research.
After establishing contact with a researcher, the hackers would send Visual Studio projects related to an alleged ‘vulnerability,’ which contained a malicious hidden DLL named ‘vcxproj.suo.’
When the researcher attempted to build the project, a pre-build event would execute the DLL, which acted as a custom backdoor installed on the researcher’s device.
Other Lazarus attacks also used an Internet Explorer zero-day to deploy malware on security researchers’ devices when they visited links sent by the attackers.
While it was never determined what the ultimate goal was for these attacks, it was likely to steal undisclosed security vulnerabilities and exploits that the hacking group could use in their own attacks.