Wednesday, December 4, 2024

Sneaky Chinese MysterySnail Malware Hits Windows Computers Without Latest Patches

A Chinese hacking group is exploiting a vulnerability in Windows to install a previously unknown Trojan horse that gives it remote access to the compromised system. The malware, named MysterySnail, was discovered by Kaspersky security researchers on several servers between late August and early September 2021.

They also observed the malware consistently abusing a Win32k driver vulnerability, tracked as CVE-2021-40449, to gain elevated user privileges. Microsoft fixed this flaw in its October Patch Tuesday release.

Malware mystery

“In addition to finding a zero-day bug, we analyzed the functionality of the malware used and found that variants of this malicious code were detected in large-scale spy campaigns against IT companies, military/defense contractors and diplomatic entities,” Kaspersky experts Boris Larin and Costin Raiu said.

Code similarity and the reuse of C2 infrastructure link these attacks to a group called IronHusky and to Chinese hacking activity known since 2012. The IronHusky hacking group was first identified in 2017 during an investigation into a campaign targeting Russian and Mongolian government agencies, airlines and research institutes to gather intelligence on Russian-Mongolian military talks.

MysterySnail targets client and server versions of Windows, from Windows 7 and Windows Server 2008 up to the latest releases, including Windows 11 and Windows Server 2022, on systems that do not have the fix for CVE-2021-40449 installed.

Remote control by hackers

The MysterySnail Trojan is designed to collect system information from infected machines and then wait for further commands from its command-and-control server. A successful intrusion therefore gives the attackers almost complete control over the computer.

MysterySnail can perform various tasks on infected computers, from starting new processes and terminating running ones to launching interactive shells and a proxy server with support for up to 50 simultaneous connections.

“The malware itself is not very sophisticated and has similar characteristics to many other remote computer control applications,” both researchers added. “However, it excels in some ways, with a relatively large number of implemented commands and other capabilities, such as on-board disk drive monitoring and the ability to act as a proxy server.” For more technical details and indicators of compromise, see the report published by Kaspersky.

Ebenezer Robbins