Hackers Use Windows Backdoor To Deliver BadSpace

Uploaded on 2024-06-25 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Hacked high-ranking legitimate websites have been exploited by threat actors to enable BadSpace malware backdoor distribution on Windows machines. "The threat actor employs a multi-stage attack chain involving an infected website, a command-and-control (C2) server, in some cases a fake browser update, and a JScript downloader to deploy a backdoor into the victim's system," according to cyber security company G-DATA.

It begins with a compromised website, including those built on WordPress, to inject code that incorporates logic to determine if a user has visited the site before. Should it be the user's first visit, the code collects information about the device, IP address, user-agent, and location, and transmits it to a hard-coded domain via an HTTP GET request.

The response from the server subsequently overlays the contents of the web page with a fake Google Chrome update pop-up window to either directly drop the malware or a JavaScript downloader that, in turn, downloads and executes BadSpace.

An analysis of the C2 servers used in the campaign has found connections to a known malware called SocGholish (aka FakeUpdates), a JavaScript-based downloader malware that's propagated via the same mechanism.

In addition to employing anti-sandbox checks and setting up persistence using scheduled tasks, BadSpace is capable of harvesting system information and processing commands that allow it to take screenshots, execute instructions using cmd.exe, read and write files, and delete the scheduled task.

The disclosure comes as security researchers at both eSentire and Sucuri have warned about different campaigns leveraging bogus browser update lures in compromised sites to distribute dara stealers and remote access trojans.

GData   |    Sucuri   |     esentire   |    Hacker News   |    GroupIB   |     SCMagazine   |   CybersecuityNews    |

LinkedIn 

Image: Ideogram

You Might Also Read: 

Hackers Exploit GitHub & FileZilla To Deliver Malware:

___________________________________________________________________________________________

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 


 

« How To Effectively Detect & Prevent SAP Threats
Hacker, Spy, Or Journalist? »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

GigaOm

GigaOm

GigaOm's mission is to provide enterprises with information and analysis to help them make better decisions about technology.

Illumio

Illumio

Illumio delivers adaptive security for every computing environment, protecting the 80% of data center and cloud traffic missed by the perimeter.

BlackBerry Cybersecurity

BlackBerry Cybersecurity

Blackberry provides intelligent security software and services to enterprises and governments around the world.

Simeio Solutions

Simeio Solutions

Simeio is a complete Identity and Access Management (IAM) solution provider that engages securely with anyone, anywhere, anytime.

Business Continuity

Business Continuity

Business Continuity delivers integrated IT solutions for cybersecurity, virtualization, cloud platforms and operational security solutions.

Excelerate Systems

Excelerate Systems

Excelerate Systems is a leading provider of IT services with a focus on Big Data, Cloud Services and Security.

The ai Corporation

The ai Corporation

The ai Enterprise Fraud Solution is an on-prem or cloud-based self-service, machine learning fraud detection and prevention tool set.

CyberWhite

CyberWhite

CyberWhite is a disruptive provider of cyber security and risk mitigation solutions.

OmniCyber Security

OmniCyber Security

Omni is a cyber security firm specialising in Penetration Testing, Managed Security and Compliance.

Mandiant

Mandiant

Mandiant deliver dynamic cyber defense solutions powered by industry-leading expertise, intelligence and innovative technology.

SOOS

SOOS

SOOS is the easy-to-integrate software security solution for your whole team. Build, catch, and fix vulnerabilities with SOOS Software Composition Analysis.

MLSecOps Community

MLSecOps Community

The MLSecOps Community is a collaborative space for machine learning security experts and industry leaders to connect and shape the future of AI/ML security.

SkillsDA

SkillsDA

SkillsDA is pureplay company in cyber security involved in capacity building towards National Security.

Canadian Cyber Threat Exchange (CCTX)

Canadian Cyber Threat Exchange (CCTX)

The CCTX is Canada’s not-for-profit, private-sector cyber threat sharing hub and collaboration centre.

TerraZone

TerraZone

TerraZone is a global cyber security and privacy solutions provider to governments and enterprises.

Net Essence

Net Essence

Net Essence is a Managed IT Services Provider. We deliver effective, reliable and fit-for-purpose IT solutions for SMEs based in the UK.

Norwegian Data Protection Authority (Datatilsynet)

Norwegian Data Protection Authority (Datatilsynet)

The Norwegian Data Protection Authority (Datatilsynet) is the national data protection authority for Norway.

CR Group

CR Group

CR Group is a Swedish-owned, cyber-security company oriented towards the European market. We offer solutions for vital societal functions that are both easy-to-buy and easy-to-use.