Press Release
You become infected with RedLine malware through fake Windows 11 upgrade installers.
Users of Windows 10 have begun to get phoney Windows 11 upgrade installers, tricking them into downloading and running RedLine stealer software.
The attacks took place at the same time that Microsoft announced the broad deployment phase for Windows 11. As a result, the attackers were well-prepared for this move and waited for the ideal time to maximise the effectiveness of their operation.
As the most extensively used password, browser cookie, credit card, and cryptocurrency wallet information thief at the moment, RedLine stealer infections can have serious negative effects on the victims.
The initiative
The attackers exploited the “windows-upgraded.com” domain for the malware distribution portion of their campaign, according to HP experts who have detected this effort.
When a visitor selected the “Download Now” button on the website, a 1.5 MB ZIP archive with the name “Windows11InstallationAssistant.zip” was downloaded directly from a Discord CDN. The website looks to be an official Microsoft website.
Decompressing the file yields a folder with a size of 753MB and a remarkable compression ratio of 99.8%, which was made possible by the executable’s inclusion of padding.
An encoded parameter starts a PowerShell process when the victim runs the programme in the folder.
A.jpg file is then retrieved from a distant web server when a cmd.exe process with a 21-second timeout has finished running.
The DLL in this file is organised in reverse, maybe to avoid detection and analysis.
The first process then loads the DLL and swaps it out for the current thread context. That DLL is a RedLine stealer payload that uses a TCP connection to communicate with the command-and-control server to receive instructions on what malicious operations should be performed next on the recently compromised system.
Outlook
Nothing prevents the actors from registering a new domain and continuing their campaign even though the distribution site is currently unavailable. In fact, it’s quite likely that this is already taking place in nature.
Due to hardware compatibility issues, many Windows 10 customers are unable to download Windows 11 via the official distribution channels. Malware operators see this as a great opportunity to recruit new victims.
The strategies disclosed by HP are not surprising at this time, as threat actors are also use Windows’ legitimate update clients to execute malicious code on compromised Windows systems, as BleepingComputer discovered in January.
Remember that these risky websites are advertised through forum postings, posts on social media, and instant messages, so only rely on the official Windows upgrade system alerts.
ComboFix is a tool made by sUBs that checks your computer for known malware and tries to automatically remove infestations when it finds any. In addition to being able to get rid of a lot of the most popular and up-to-date malware, ComboFix also shows a report that skilled assistants may use to get rid of malware that isn’t already eradicated by the programme.
Please be aware that executing this programme without supervision may result in improper operation of your computer. Run this programme only at the direction of a knowledgeable assistant.
At the moment, Windows 8.1 is not compatible with this programme, just Windows 8!
The author is collecting PayPal donations from people who want to support his work. By selecting the following picture, you may contribute:
In an attack just before the holidays, the accounts of over three million customers of the American appointment scheduling service FlexBooker were taken, and they are now being exchanged on hacker forums.
The same hackers are also selling databases they claim to be from two other organisations: the Australian case management system rediCASE and the racing media outlet Racing.com.
Holiday breaches before
A few days before Christmas, there were supposedly three breaches, and the intruder posted the information on a hacking forum.
A popular programme for booking appointments and syncing employee calendars, FlexBooker, appears to be the source of the most recent data dump.
Owners of any company that needs to plan appointments, such as accountants, barbers, doctors, mechanics, lawyers, dentists, gyms, salons, therapists, trainers, spas, and the list goes on, are among FlexBooker’s clients.
The group claiming responsibility for the attack appears to go by the name of Uawrongteam, and they published links to files and archives containing personal information, including pictures, driver’s licences, and other IDs.
The database, according to Uawrongteam, has a table with 10 million lines of client data, including everything from payment forms and charges to pictures taken for driver’s licences.
Names, emails, phone numbers, password salt, and hashed passwords are among the database’s “juicy columns,” according to the actor.
Customers of FlexBooker have received a data breach notification that confirms the attack and that data on the service’s Amazon cloud storage system was “accessed and downloaded” by the intruders.
The letter states that “our account on Amazon’s AWS servers was compromised on December 23, 2021, starting at 4:05 PM EST,” adding that the attackers did not obtain “any credit card or other payment card information.”
FlexBooker advised consumers to be on the lookout for strange or fraudulent activities, and to monitor account statements and credit reports.
For further information, the developer also directed users to a report on a distributed denial-of-service (DDoS) attack. It was then determined that some customers’ personal information had been obtained by the hackers.
The FlexBooker assault exposed email addresses, names, partial credit card information, passwords, and phone numbers for more than 3.7 million users, according to the data breach reporting service Have I Been Pwned.
Prior to FlexBooker, the threat actor known as Uawrongteam distributed links to material that was purportedly taken from Racing.com, a digital television station that broadcasts horse racing and offers news, stats, and event calendars associated with the sport.
The data from the Redbourne Gang’s rediCASE Case Management Software, which is utilised by numerous enterprises in addition to health and community agencies, looks to be another target of the same group.
Press Release
Rapyd, a “fintech-as-a-service” provider, to acquire Iceland-based Valitor, which establishes in-store and on the internet payments technologies, for $100M (Omar Faridi/Crowdfund Expert).
Rapyd, a “fintech-as-a-service” provider, to acquire Iceland-based Valitor, which develops in-store and online payments technologies, for $100M (Omar Faridi/Crowdfund Insider)
Omar Faridi / Crowdfund Insider:
Rapyd, a “fintech-as-a-service” provider, to acquire Iceland-based Valitor, which develops in-store and online payments technologies, for $100M — – Twitter- Facebook- LinkedIn- Pinterest- Reddit- HackerNews- Telegram- Weibo- Email- Print- Subscribe
-
Social Media10 months agoWho is Rouba Saadeh?
-
Apps10 months agoWhy is Everyone Talking About Hindi Keyboards?
-
Social Media10 months agoMati Marroni Instagram Wiki (Model’s Age, Net Worth, Body Measurements, Marriage)
-
Entertainment10 months ago12 Online Streaming Sites that Serve as Best Alternatives to CouchTuner
-
Apps10 months agoThings you need to know about Marathi keyboard today
-
Apps10 months agoStuck with Your default Bangla keyboard? Isn’t it time for a change?
-
Entertainment10 months agoMovierulz Website: Movierulzz 2021 Latest Movies on Movierulz.com
-
Social Media10 months agoBrooke Daniells: Everything About Catherine Bell’s Partner