
Chinese threat operation Earth Lusca has deployed the new KTLVdoor malware against Windows and Linux endpoints as part of a comprehensive campaign, Security Affairs reports.
More than 50 Alibaba-hosted command-and-control servers have been leveraged to facilitate the distribution of the backdoor, which impersonates the Java, bash, sshd, SQLite, and edr-agent utilities, according to a Trend Micro report. Aside from enabling file uploading and downloading, KTLVdoor also allows interactive shell and shellcode execution, as well as TCP, TLS, ping, RDP, and web scans, said Trend Micro researchers.

“Most of the samples discovered in this campaign are obfuscated: embedded strings are not directly readable, symbols are stripped and most of the functions and packages were renamed to random Base64-like looking strings, in an obvious effort from the developers to slow down the malware analysis,” researchers said.