Dismiss this notice
novaPDF Professional Valentines 2019 Giveaway - https://www.geeks.fyi/showthread.php?tid=5523

Dismiss this notice
Ashampoo PDF PRO Valentines 2019 Giveaway - https://www.geeks.fyi/showthread.php?tid=5524

Dismiss this notice
Undelete 11 Professional Valentines 2019 Giveaway - https://www.geeks.fyi/showthread.php?tid=5522

Dismiss this notice
ExpressVPN Valentines 2019 Giveaway - https://www.geeks.fyi/showthread.php?tid=5521

Dismiss this notice
Macrium Reflect Home Valentines 2019 Giveaway - https://www.geeks.fyi/showthread.php?tid=5520


Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
GandCrab Ransomware Discovered To Be Embedded in Super Mario Image
#1
Quote:A newly discovered malware campaign uses steganography to hide GandCrab in a seemingly innocent Mario image.
 
In the Mario Brothers universe, Mario is a hero, but that "good guy" status doesn't extend to the real world — at least not for victims of a malware campaign that wraps the GandCrab ransomware in a Mario graphic package.
Matthew Rowan, a researcher at Bromium, discovered the campaign in a malware sample he was analyzing. In his blog post detailing the discovery, he shows how threat actors hide their true intentions, why it's a very bad idea to disable software protection mechanisms, and why old encryption techniques like steganography are still useful in the modern era.
The steganography comes into play with heavily obfuscated Microsoft PowerShell commands hidden within the color channels of a picture of Mario in a particularly cool pose. Rowan notes that hiding commands in the image makes it very difficult for a firewall to pick up the threat and apply a standard filter against the malware.
The new campaign is a threat to computer users in Italy, though, like most such campaigns, it could easily be modified by a different criminal to target users in any (or every) geography. 
Source
[-] The following 2 users say Thank You to Toligo for this post:
  • harlan4096, silversurfer
Reply
#2
Quote:Researchers spotted the ransomware GandCrab embedded into a downloadable Mario image from Super Mario Bros.

Matthew Rowan, a researcher at Bromium discovered the malware and identified the trends and patterns to be of an older method, steganography. This form of malware tends to use obfuscated Microsoft PowerShell commands. Similarly, the hacker uses a PowerShell command in this campaign. The targeted emails are sent to individuals in Italy, with an excel document attached. Labelled, “F.DOC.2019 A 259 SPA.xls” it also contains a Macro. The document prompts users to click ‘enable content,’ effectively deploying the malware. The malware firstly checks the region, usually, relying on the administrative language of the operating system. Here the coding used to determine this consisted of using IF statement with country 39, which was Italy. If the device is not based in Italy, then it will not deploy.

[Image: mario-1558068__340.jpg]
Source

Image courtesy of  : latesthackingnews.com
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Latest Threads
Prices for 1TB Gaming SSDs Slashed in Ha...
Last Post: DTinn8
Today 03:08
» Replies: 0
» Views: 3
Intel Unveils Specs for 9th-Gen H-Series...
Last Post: DTinn8
Today 03:05
» Replies: 0
» Views: 4
Spectre Forever: Side-Channel Attacks In...
Last Post: DTinn8
Today 03:03
» Replies: 0
» Views: 4
DRAM Prices Expected to Decline as Much ...
Last Post: DTinn8
Today 03:00
» Replies: 0
» Views: 3
Best SSD and Storage Deals for 2019
Last Post: DTinn8
Today 02:58
» Replies: 0
» Views: 3
GFYI [Official] PowerISO New Year 2019 G...
Last Post: DTinn8
Today 02:53
» Replies: 17
» Views: 814
AhnLab V3 Internet Security
Last Post: deathsmear
Today 01:47
» Replies: 0
» Views: 15
Criminals, Nation-States Keep Hijacking ...
Last Post: Toligo
Yesterday 21:12
» Replies: 0
» Views: 28
Wendy’s to pay $50M in data breach settl...
Last Post: Toligo
Yesterday 21:04
» Replies: 0
» Views: 35
Dunn Brothers, Chino Latino and other Mi...
Last Post: Toligo
Yesterday 19:25
» Replies: 0
» Views: 48
This malware turns ATM hijacking into a ...
Last Post: Toligo
Yesterday 19:23
» Replies: 0
» Views: 31
Scathing UK report says Facebook 'intent...
Last Post: Toligo
Yesterday 19:21
» Replies: 0
» Views: 29
Why Corporations Need to Give Employees ...
Last Post: Toligo
Yesterday 19:19
» Replies: 0
» Views: 27
Banks praised for their internal cyber d...
Last Post: Toligo
Yesterday 19:16
» Replies: 0
» Views: 23
When Cyberattacks Pack a Physical Punch
Last Post: Toligo
Yesterday 19:15
» Replies: 0
» Views: 24
Could hackers 'brainjack' your memories ...
Last Post: Toligo
Yesterday 19:14
» Replies: 0
» Views: 22
[Official] MakeUSLaugh_HitmanPro.Alert N...
Last Post: jasonX
Yesterday 19:05
» Replies: 20
» Views: 1241
Norton Security Center_ How To_11 ways t...
Last Post: jasonX
Yesterday 18:14
» Replies: 0
» Views: 36
Norton Security Center_ Mobile_Android v...
Last Post: jasonX
Yesterday 18:11
» Replies: 0
» Views: 28
Norton Security Center_ Privacy_Telltale...
Last Post: jasonX
Yesterday 18:07
» Replies: 0
» Views: 25

[-]
Staffs Online
There are no staff members currently online.