Hackers Use Windows Backdoor To Deliver BadSpace

Uploaded on 2024-06-25 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Hacked high-ranking legitimate websites have been exploited by threat actors to enable BadSpace malware backdoor distribution on Windows machines. "The threat actor employs a multi-stage attack chain involving an infected website, a command-and-control (C2) server, in some cases a fake browser update, and a JScript downloader to deploy a backdoor into the victim's system," according to cyber security company G-DATA.

It begins with a compromised website, including those built on WordPress, to inject code that incorporates logic to determine if a user has visited the site before. Should it be the user's first visit, the code collects information about the device, IP address, user-agent, and location, and transmits it to a hard-coded domain via an HTTP GET request.

The response from the server subsequently overlays the contents of the web page with a fake Google Chrome update pop-up window to either directly drop the malware or a JavaScript downloader that, in turn, downloads and executes BadSpace.

An analysis of the C2 servers used in the campaign has found connections to a known malware called SocGholish (aka FakeUpdates), a JavaScript-based downloader malware that's propagated via the same mechanism.

In addition to employing anti-sandbox checks and setting up persistence using scheduled tasks, BadSpace is capable of harvesting system information and processing commands that allow it to take screenshots, execute instructions using cmd.exe, read and write files, and delete the scheduled task.

The disclosure comes as security researchers at both eSentire and Sucuri have warned about different campaigns leveraging bogus browser update lures in compromised sites to distribute dara stealers and remote access trojans.

GData   |    Sucuri   |     esentire   |    Hacker News   |    GroupIB   |     SCMagazine   |   CybersecuityNews    |

LinkedIn 

Image: Ideogram

You Might Also Read: 

Hackers Exploit GitHub & FileZilla To Deliver Malware:

___________________________________________________________________________________________

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 


 

« How To Effectively Detect & Prevent SAP Threats
Hacker, Spy, Or Journalist? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Kent Interdisciplinary Research Centre in Cyber Security (KirCCS) - University of Kent

Kent Interdisciplinary Research Centre in Cyber Security (KirCCS) - University of Kent

KirCCS harnesses expertise across Kent University to address current and potential cyber security challenges.

Auth0

Auth0

Auth0 is a cloud service that provides a set of unified APIs and tools that instantly enables single sign-on and user management for any application, API or IoT device.

Threat Intelligence

Threat Intelligence

Threat Intelligence is a specialist security company providing penetration testing, threat intelligence, incident response and training services.

Kobil Systems

Kobil Systems

Kobil is a pioneer in the fields of smart card, one-time password, authentication and cryptography.

Clavis Information Security

Clavis Information Security

Clavis is an Information Security company offering a complete portfolio of solutions from Pentesting and Security Assessments to Managed Security Services and Training.

StepStone

StepStone

StepStone is one of the leading online job platforms in Germany, and other countries, covering all industry sectors including IT and cybersecurity.

Project Moore

Project Moore

Project Moore is an Amsterdam law firm specialising in IT-law and privacy.

Angoka

Angoka

Angoka provide hardware-based solutions for managing the cybersecurity risks inherent in machine-to-machine communication networks.

Diaplous Group

Diaplous Group

Diaplous Group is a leading Maritime Risk Management (MRM) provider, delivering specialized services to an ever-broadening portfolio of shipping, oil & gas, energy and construction industries.

Valarian

Valarian

Valarian (formerly Worldr) is on a mission to build cutting-edge solutions that empower borderless collaboration in the new era of digital sovereignty.

Cybolt

Cybolt

Cybolt helps companies, organizations, and governments manage digital risks and live in an environment of confidence and certainty.

Avalanchio Technologies

Avalanchio Technologies

The Avalanchio platform gives you a complete solution to collect, process, and analyze security data to detect threats in real-time and analyze historical data using security DSL or SQL.

Harvey Nash

Harvey Nash

Harvey Nash is a leading global provider of talent and technology solutions.

PreVeil

PreVeil

We started PreVeil to bring radically better security to ordinary business and personal communication and information storage.

Filigran

Filigran

Filigran provides threat intelligence, adversary simulation and crisis response open solutions to thousands of cybersecurity and crisis management teams across the world.

at-yet (@-yet)

at-yet (@-yet)

at-yet are an interdisciplinary team of experts. We are all about achieving results, whatever the situation – an acute incident, risk minimisation, safeguarding or data protection.