This week in infosec: links

November 29, 2021    Article


RATDispenser: Stealthy JavaScript Loader Dispensing RATs into the Wild - In this article, we describe how attackers are using an evasive JavaScript loader that we call RATDispenser to distribute remote access Trojans (RATs) and information stealers. With an 11% detection rate, RATDispenser appears to be effective at evading security controls and delivering malware. In total, we identified eight malware families distributed using this malware during 2021. All the payloads were RATs, designed to steal information and give attackers control over victim devices.

Looking for vulnerabilities in MediaTek audio DSP - In this study, we reverse-engineered the MediaTek audio DSP firmware despite the unique opcodes and processor registers, and discovered several vulnerabilities that are accessible from the Android user space. By chaining with vulnerabilities in original equipment manufacturer (OEM) partners’ libraries, the MediaTek security issues we found could lead to local privilege escalation from an Android application. A successful exploitation of the DSP vulnerabilities could potentially allow an attacker to listen to user conversations and/or hide malicious code.

BABADEDA crypter targeting crypto, NFT, and DEFI communities - Crucially, the crypter that this campaign deploys, which we have termed Babadeda (a Russian language placeholder used by the crypter itself which translates to “Grandma-Grandpa”), is able to bypass signature-based antivirus solutions. Although some variants of this crypter have been noted by other vendors, Morphisec is the first to fully disclose how it works.

“Free Steam games” videos promise much, deliver malware - Gamers are a hot target for scammers, especially in the run-up to Christmas. Major games are released throughout the last few months of any year, and the FOMO (fear of missing out) is strong, especially if said titles offer pre-order exclusive bonuses, or deals and discounts for a few weeks after the game launches.

Your Fingerprint Can Be Hacked For $5. Here’s How - Fingerprint authentication is a convenient alternative to passwords and PIN codes. Who wants to spend time typing in a lengthy string of numbers, letters and characters when a simple tap will suffice? In this article, the Kraken Security Labs Team demonstrates just how easy it is for malicious actors to bypass your favorite login method.

Iranian threat actors exploit MS MSHTML bug to steal Google and Instagram credentials - Researchers from SafeBreach Labs spotted a new Iranian threat actor that is using an exploit for a Microsoft MSHTML Remote Code Execution (RCE) flaw in attacks aimed at Farsi-speaking victims. The exploit is used to install a PowerShell stealer, tracked by the researchers as PowerShortShell, that steals Google and Instagram credentials of the victims.

InstallerFileTakeOver - CVE - Windows Installer Elevation of Privilege Vulnerability.

VMware Security Advisory - Multiple vulnerabilities in VMware vCenter Server were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products.

Joker virus back on Google Play Store - Beware, Android phone users! The very dangerous malware Joker ‘virus’ has once again surfaced in Google Play Store apps. This Joker virus is malicious code that hides in Android applications and can steal information such as your contacts, text messages, device info and OTPs, and do many other unauthorized things.