Dismiss this notice
Ashampoo Photo Optimizer 7 New Year 2019 Giveaway-https://www.geeks.fyi/showthread.php?tid=4948

Dismiss this notice
MakeUSLaugh_HitmanPro.Alert New Year 2019 Giveaway- https://www.geeks.fyi/showthread.php?tid=4946

Dismiss this notice
Ashampoo Burning Studio 20 New Year 2019 Giveaway- https://www.geeks.fyi/showthread.php?tid=4947

Dismiss this notice
PowerISO New Year 2019 Giveaway - https://www.geeks.fyi/showthread.php?tid=5170


Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
GandCrab Ransomware Discovered To Be Embedded in Super Mario Image
#1
Quote:A newly discovered malware campaign uses steganography to hide GandCrab in a seemingly innocent Mario image.
 
In the Mario Brothers universe, Mario is a hero, but that "good guy" status doesn't extend to the real world — at least not for victims of a malware campaign that wraps the GandCrab ransomware in a Mario graphic package.
Matthew Rowan, a researcher at Bromium, discovered the campaign in a malware sample he was analyzing. In his blog post detailing the discovery, he shows how threat actors hide their true intentions, why it's a very bad idea to disable software protection mechanisms, and why old encryption techniques like steganography are still useful in the modern era.
The steganography comes into play with heavily obfuscated Microsoft PowerShell commands hidden within the color channels of a picture of Mario in a particularly cool pose. Rowan notes that hiding commands in the image makes it very difficult for a firewall to pick up the threat and apply a standard filter against the malware.
The new campaign is a threat to computer users in Italy, though, like most such campaigns, it could easily be modified by a different criminal to target users in any (or every) geography. 
Source
[-] The following 2 users say Thank You to Toligo for this post:
  • harlan4096, silversurfer
Reply
#2
Quote:Researchers spotted the ransomware GandCrab embedded into a downloadable Mario image from Super Mario Bros.

Matthew Rowan, a researcher at Bromium discovered the malware and identified the trends and patterns to be of an older method, steganography. This form of malware tends to use obfuscated Microsoft PowerShell commands. Similarly, the hacker uses a PowerShell command in this campaign. The targeted emails are sent to individuals in Italy, with an excel document attached. Labelled, “F.DOC.2019 A 259 SPA.xls” it also contains a Macro. The document prompts users to click ‘enable content,’ effectively deploying the malware. The malware firstly checks the region, usually, relying on the administrative language of the operating system. Here the coding used to determine this consisted of using IF statement with country 39, which was Italy. If the device is not based in Italy, then it will not deploy.

[Image: mario-1558068__340.jpg]
Source

Image courtesy of  : latesthackingnews.com
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Latest Threads
Marriott now lets you check if you’re a ...
Last Post: Toligo
Today 23:01
» Replies: 0
» Views: 16
How AI and machine learning can help you...
Last Post: Toligo
Today 22:58
» Replies: 0
» Views: 31
Five emerging cybersecurity threats you ...
Last Post: Toligo
Today 22:51
» Replies: 0
» Views: 22
Twitter has been storing your ‘deleted’ ...
Last Post: Toligo
Today 22:48
» Replies: 0
» Views: 14
Ransomware attackers exploit old plug-in...
Last Post: Toligo
Today 22:45
» Replies: 0
» Views: 18
Using Machine Learning to Detect Malware...
Last Post: Toligo
Today 22:44
» Replies: 0
» Views: 35
G DATA Security Blog_DeepRay foils cyber...
Last Post: jasonX
Today 18:34
» Replies: 0
» Views: 27
G DATA Security Blog_Emotet: G DATA expl...
Last Post: jasonX
Today 18:31
» Replies: 0
» Views: 26
G DATA Antivirus Software 2019
Last Post: jasonX
Today 18:23
» Replies: 0
» Views: 9
The hacking strategies that will dominat...
Last Post: Toligo
Today 17:37
» Replies: 0
» Views: 23
PC Game Giveaway: EMMA The Story
Last Post: sinanogz
Today 15:26
» Replies: 0
» Views: 28
Microsoft Edge, Google Chrome Will Be Ab...
Last Post: silversurfer
Today 10:15
» Replies: 0
» Views: 34
Google working on new Chrome security fe...
Last Post: silversurfer
Today 10:10
» Replies: 0
» Views: 35
[Official] MakeUSLaugh_HitmanPro.Alert N...
Last Post: jasonX
Today 07:17
» Replies: 14
» Views: 1056
Sandboxie updates
Last Post: silversurfer
Yesterday 22:32
» Replies: 3
» Views: 394
Mozilla to harden Firefox defenses with ...
Last Post: Toligo
Yesterday 22:21
» Replies: 2
» Views: 31
Vox Media targets YouTuber that parodied...
Last Post: Toligo
Yesterday 22:18
» Replies: 0
» Views: 37
Bank of Valleta Shuts Down Their Service...
Last Post: Toligo
Yesterday 22:06
» Replies: 0
» Views: 37
Coffee Meets Bagel Dating App Warns User...
Last Post: Toligo
Yesterday 22:01
» Replies: 0
» Views: 34
Astaroth Trojan Exploits Antivirus Softw...
Last Post: Toligo
Yesterday 21:54
» Replies: 0
» Views: 37

[-]
Staffs Online
harlan4096's profile harlan4096
Administrator