The Hacker News reports that peer-to-peer instant messaging service Tox is now being used by threat actors as a command-and-control server instead of just a tool for communicating with victims in ransomware negotiations.
Uptycs researchers discovered this use of Tox after identifying '72client', an Executable and Linkable Format (ELF) artifact with bot and script-execution functionality that communicates over Tox on compromised systems.
The report showed that the C-based binary was built on the c-toxcore library, the reference implementation of Tox. Researchers also found that a shell script embedded in the ELF file launches commands that kill cryptominer-related processes. The binary can receive further commands over Tox and terminates when it receives an 'exit' command.
"While the discussed sample does not do anything explicitly malicious, we feel that it might be a component of a coinminer campaign. Therefore, it becomes important to monitor the network components involved in the attack chains," said researchers.
Utilization of Slack will be halted across most of Disney's businesses by the end of the year, said Disney Chief Financial Officer Hugh Johnston in a report in the Status media newsletter.
Attacks involved Amazon S3 bucket- and Content Delivery Network-hosted sites spoofing Google CAPTCHA pages and other verification sites; these pages present instructions that trigger a malicious PowerShell command, which downloads Lumma Stealer and then exfiltrates sensitive device data.
Some of the 340 GB of sensitive data purportedly stolen from the City of Pleasanton, including names, birthdates, credit card numbers, and other personal and corporate financial information, has already been exposed by Valencia.