The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Cybersecurity News and Analysis: Command-and-Control Server

New malware found using Google Drive as its command-and-control server

New malware found using Google Drive as its command-and-control server

January 21, 2019Mohit Kumar
Since most security tools also keep an eye on the network traffic to detect malicious IP addresses, attackers are increasingly adopting infrastructure of legitimate services in their attacks to hide their malicious activities. Cybersecurity researchers have now spotted a new malware attack campaign linked to the notorious DarkHydrus APT group that uses Google Drive as its command-and-control (C2) server. DarkHydrus first came to light in August last year when the APT group was leveraging the open-source Phishery tool to carry out credential-harvesting campaign against government entities and educational institutions in the Middle East. The latest malicious campaign conducted by the DarkHydrus APT group was also observed against targets in the Middle East, according to reports published by the 360 Threat Intelligence Center ( 360TIC ) and Palo Alto Networks. This time the advanced threat attackers are using a new variant of their backdoor Trojan, called RogueRobin , which i
New Malware Takes Commands From Memes Posted On Twitter

New Malware Takes Commands From Memes Posted On Twitter

December 18, 2018Wang Wei
Security researchers have discovered yet another example of how cybercriminals disguise their malware activities as regular traffic by using legitimate cloud-based services. Trend Micro researchers have uncovered a new piece of malware that retrieves commands from memes posted on a Twitter account controlled by the attackers. Most malware relies on communication with their command-and-control server to receive instructions from attackers and perform various tasks on infected computers. Since security tools keep an eye on the network traffic to detect malicious IP addresses, attackers are increasingly using legitimate websites and servers as infrastructure in their attacks to make the malicious software more difficult to detect. In the recently spotted malicious scheme, which according to the researchers is in its early stage, the hackers uses Steganography —a technique of hiding contents within a digital graphic image in such a way that's invisible to an observer—to hid
Android Malware uses Google Cloud Messaging Service; infected over 5 Million Devices

Android Malware uses Google Cloud Messaging Service; infected over 5 Million Devices

August 16, 2013Anonymous
The Kaspersky Lab researchers recently have discovered a number of Android malware apps are abusing the Google Cloud Messaging Service (GCM) as Command and Control server . The GCM  service allows Android app developers to send messages using JSON Format for installed apps, but hackers exploited it for malicious Purposes. Using Google Cloud Messaging Service (GCM) as Command and Control server for Android Malware is not a new concept, as last year Security researcher and Hacker ' Mohit Kumar ' demonstrated ' Android Malware Engine ' - One of the Most Sophisticated Android malware during Malcon conference. The Kaspersky Lab researchers have detected at least five Different Android Trojans that used JSON format: 1. SMS.AndroidOS.FakeInst.a 2. SMS.AndroidOS.Agent.ao 3. SMS.AndroidOS.OpFake.a 4. Backdoor.AndroidOS.Maxit.a 5. SMS.AndroidOS.Agent.az. The authors of the malware in Every case took advantage of Google Cloud Messaging Service to Exchange messag
Apple certified Mac Malware Captures and Uploads Screenshots without Permission

Apple certified Mac Malware Captures and Uploads Screenshots without Permission

May 17, 2013Mohit Kumar
Earlier this week, new Mac spyware was discovered on a computer at the Oslo Freedom Forum , which is an annual human rights conference. Dubbed as  OSX/KitM.A , discovered by computer security researcher Jacob Appelbaum . This Mac malware that has been used to spy on activists, targeted via spear phishing attack and had received emails that duped them into installing the malware. The malware is a backdoor application called " macs.app " which launches automatically upon login. There are two command-and-control servers, located at securitytable.org and docsforum.info. Interestingly, the malware is signed with an Apple Developer ID , which is designed to prevent the installation of malware, associated with the name Rajender Kumar  and  the use of the ID appears to be an attempt to bypass Apple's Gatekeeper execution prevention technology. As of right now, F-Secure is looking into the origination of the malware and though it doesn't appear to be widespread.  You can
Hacker uses Evernote account as Command-and-Control Server

Hacker uses Evernote account as Command-and-Control Server

March 29, 2013Mohit Kumar
Cyber criminals  are using popular note-taking app Evernote as Command-and-Control Server to give commands to the malware installed on infected PCs using botnets. TrendMicro uncovered a malware detected as " BKDR_VERNOT.A " tried to communicate with Command-and-Control Server using Evernote. Malware delivered via an executable file that installs the malware as a dynamic-link library. The installer then ties the DLL into a legitimate running process, hiding it from casual detection. Once installed, BKDR_VERNOT.A can perform several backdoor commands such as downloading, executing, and renaming files. It then gathers information from the infected system, including details about its OS, timezone, user name, computer name, registered owner and organization. Researchers  also pointed out that the backdoor may have also used Evernote as a location to upload stolen data. " Unfortunately, during our testing, it was not able to login using the credentials embedded in the
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.