Stantinko Observed Using a New Version of a Linux Proxy Trojan

A threat group tracked as Stantinko has been observed using a new version of a Linux proxy Trojan that poses as an Apache server to stay undetected.

Stantinko is thought to have been active since at least 2012 and was first described in 2017. It ensnares compromised networks into a botnet used primarily in large adware schemes, but also for backdoor operations, brute-force attacks, and more.

The Stantinko group was historically known mainly for attacking Windows applications, but recent attacks show that it is now evolving its Linux malware, with a new proxy Trojan masquerading as httpd, the Apache Hypertext Transfer Protocol Server that is used on Linux servers.

“We believe that this malware is part of a broader campaign that uses compromised Linux servers,” say security researchers at Intezer.

Detected on VirusTotal by a single anti-virus engine, the sample is an unstripped 64-bit ELF binary that validates a configuration file upon execution. The malware stops executing if this file is absent or lacks the expected structure.

If the validation succeeds, the proxy daemonizes itself, then creates a socket and a listener that allow it to accept connections. According to Intezer, this may be how infected machines communicate with each other.

The new version, discovered almost three years after the previous one, has a similar function but shows a number of changes: the command and control (C&C) IP address is stored in the configuration file dropped next to the malware, the new version has no self-updating capability, and the new version is dynamically linked.

Several function names in the sample are similar to those in the previous version, although the current version does not call them statically. In addition, the C&C paths point to the same group's previous campaigns, indicating that the current Trojan is still related to Stantinko.
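A defensive check for the httpd masquerade described above, as an added example that is not from the article or from Intezer: it flags processes that call themselves httpd but whose executable is not at a path where Apache is normally installed. The expected paths and the function name `find_httpd_masquerade` are assumptions; adjust them to the distribution in use.

```python
import os

# Assumption: locations where a packaged or source-built Apache binary lives.
EXPECTED_HTTPD_PATHS = {"/usr/sbin/httpd", "/usr/local/apache2/bin/httpd"}
WATCHED_NAME = "httpd"


def _read(path):
    """Return file bytes, or b'' if the process exited or access is denied."""
    try:
        with open(path, "rb") as fh:
            return fh.read()
    except OSError:
        return b""


def find_httpd_masquerade(proc_root="/proc", expected=EXPECTED_HTTPD_PATHS):
    """List (pid, exe, reason) for processes named httpd with a suspect binary."""
    findings = []
    pids = sorted(int(e) for e in os.listdir(proc_root) if e.isdigit())
    for pid in pids:
        base = os.path.join(proc_root, str(pid))
        comm = _read(os.path.join(base, "comm")).decode(errors="replace").strip()
        argv0 = _read(os.path.join(base, "cmdline")).split(b"\0")[0]
        argv0_name = os.path.basename(argv0.decode(errors="replace"))
        # The name a process reports (comm, argv[0]) is under its own control.
        if WATCHED_NAME not in (comm, argv0_name):
            continue
        try:
            # The exe symlink is maintained by the kernel, not by the process.
            exe = os.readlink(os.path.join(base, "exe"))
        except OSError:
            continue  # process exited, or insufficient privileges
        if exe.endswith(" (deleted)"):
            findings.append((pid, exe, "binary deleted from disk"))
        elif exe not in expected:
            findings.append((pid, exe, "unexpected binary path"))
    return findings


if __name__ == "__main__":
    for pid, exe, reason in find_httpd_masquerade():
        print(f"pid {pid}: {exe} ({reason})")
```

Run it as root so the `exe` links of other users' processes are readable. A hit is a lead to investigate: a package upgrade also leaves running httpd workers pointing at a deleted binary.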

Source: https://cybersguards.com/stantinko-observed-using-a-new-version-of-a-linux-proxy-trojan/
