
Windows devices compromised in Sliver malware attacks

Windows devices are being targeted by a new campaign that exploits two vulnerabilities in the Chinese remote control software Sunlogin to deploy the Sliver post-exploitation framework and to stage Bring Your Own Vulnerable Driver (BYOVD) attacks, BleepingComputer reports. According to a report from AhnLab's ASEC, once a device has been compromised through the Sunlogin flaws, tracked as CNVD-2022-10270 and CNVD-2022-03672, the attackers open reverse shells or drop further payloads, including Sliver, the XMRig Monero cryptominer and the Gh0st RAT. A PowerShell script used in the attack runs a modified build of the open-source Mhyprot2DrvControl tool as an executable. That tool abuses mhyprot2.sys, the validly signed but vulnerable Genshin Impact anti-cheat driver, so Windows loads it without complaint, and the attacker then uses the driver's kernel-level capabilities to disable security products rather than evade them. "The developer of Mhyprot2DrvControl provided multiple features that can be utilized with the privileges escalated through mhyprot2.sys. Among these, the threat actor used the feature which allows the force termination of processes to develop malware that shuts down multiple anti-malware products," said ASEC. Because the driver's signature is legitimate, signature checks alone will not stop it; Windows admins are urged to enable Microsoft's vulnerable driver blocklist to block BYOVD attacks and to block the AV killer's file hash.
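The two mitigations above, as an added PowerShell example that is not part of the SC Media article or the ASEC report: the script reports and optionally enables Microsoft's vulnerable driver blocklist through its documented registry switch, checks whether HVCI (memory integrity) is running, looks for a mhyprot2 driver service on the host, and hashes files in a drop directory against a block list. The registry path and value name are the ones Microsoft documents for the blocklist; the `$blockedHashes` entries are placeholders to be replaced with the hashes published in the ASEC report, and the scanned directory is an assumption.

```powershell
# Added example: audit/enable the Microsoft Vulnerable Driver Blocklist and
# hunt for the abused driver and the AV-killer binary. Not from the article.
# Run from an elevated PowerShell prompt; pass -Enable to turn the blocklist on.
[CmdletBinding()]
param(
    [switch]$Enable,
    [string]$ScanDir = $env:TEMP   # assumption: where dropped payloads are looked for
)

# 1. Vulnerable driver blocklist state (documented registry switch; reboot to apply).
$ciConfig  = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config'
$valueName = 'VulnerableDriverBlocklistEnable'
$current = (Get-ItemProperty -Path $ciConfig -Name $valueName -ErrorAction SilentlyContinue).$valueName
if ($current -eq 1) {
    Write-Output 'Vulnerable driver blocklist: ENABLED'
} else {
    Write-Output "Vulnerable driver blocklist: NOT enabled (current value: '$current')"
    if ($Enable) {
        if (-not (Test-Path $ciConfig)) { New-Item -Path $ciConfig -Force | Out-Null }
        Set-ItemProperty -Path $ciConfig -Name $valueName -Value 1 -Type DWord
        Write-Output "Set $valueName=1 under $ciConfig; reboot for it to take effect."
    }
}

# 2. HVCI / memory integrity: the blocklist is always enforced when HVCI is running.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                      -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
if ($dg) {
    # SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI
    $hvciRunning = $dg.SecurityServicesRunning -contains 2
    Write-Output "HVCI (memory integrity) running: $hvciRunning"
} else {
    Write-Output 'Device Guard WMI class not available; cannot determine HVCI state.'
}

# 3. Look for the abused driver as a registered or loaded kernel service.
#    Match on both service name and image path, since the attacker chooses the drop path.
$suspects = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.Name -match 'mhyprot' -or $_.PathName -match 'mhyprot2\.sys' }
if ($suspects) {
    foreach ($d in $suspects) {
        Write-Warning ("Driver service '{0}' -> {1} (state: {2})" -f $d.Name, $d.PathName, $d.State)
    }
} else {
    Write-Output 'No mhyprot2 driver service found.'
}

# 4. Hash-based block check for the AV killer. Placeholder hashes: replace with the
#    SHA-256 values published in the ASEC report before relying on this check.
$blockedHashes = @(
    'REPLACE-WITH-SHA256-FROM-ASEC-REPORT'
) | ForEach-Object { $_.ToUpperInvariant() }

Get-ChildItem -Path $ScanDir -File -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -in '.exe', '.dll', '.sys' } |
    ForEach-Object {
        $hash = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        if ($blockedHashes -contains $hash) {
            Write-Warning "Known AV-killer hash found: $($_.FullName)"
        }
    }
```

On Windows 11 22H2 and later the same switch is exposed in the Windows Security app under Device security, Core isolation, as "Microsoft Vulnerable Driver Blocklist"; the registry value is what that toggle sets. Step 4 only detects a dropped file; enforcing the hash block on execution is done with an AppLocker or WDAC hash rule, or a custom indicator in Microsoft Defender for Endpoint, using the same SHA-256 value.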
