Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Sensitive data.. Show all posts

VirusTotal Hacking: Hackers can Access Trove of Stolen Credentials on VirusTotal

 

By conducting searches on VirusTotal, an online service that analyses suspicious files and URLs, security researchers have discovered a technique to gather large volumes of stolen user credentials. 

The SafeBreach research team used this technique to acquire over a million credentials using a €600 (about $679) VirusTotal licence and a few tools. The purpose was to determine what information a criminal could obtain with a licence for VirusTotal, a Google-owned service that allows users to submit and verify suspected files and links using multiple antivirus engines for free. 

A VirusTotal licenced user can use a mixture of questions to search the service's dataset for file type, file name, submitted data, country, and file content, among other things. Many data thieves gather credentials from various forums, mail accounts, browsers, and other sites, write them to a specific hard-coded file name — for example, "all credentials.txt," and then exfiltrate the file from the victim's device to the attackers' command-and-control server. 

Researchers used VirusTotal tools and APIs like search, VirusTotal Graph, and Retrohunt to locate files containing stolen data using this strategy. 

Tomer Bar, director of security research at SafeBreach stated, "It is quite a straightforward technique, which doesn't require strong understanding in malware. All you need is to choose one of the most common info stealers and read about it online." 

To collect critical data, the researchers used well-known malware such as RedLine Stealer, Azorult, Raccoon Stealer, and Hawkeye, as well as well-known forums like DrDark and Snatch Cloud. They discovered that their strategy worked on a large scale.

RedLine Stealer is a type of malware that may be purchased individually or as part of a subscription on underground forums. It collects information such as saved credentials, autocomplete data, and credit card information across browsers. When malware is installed on a target machine, it creates a system inventory that contains usernames, location data, hardware settings, and security software details. RedLine Stealer can upload and download files as well as run commands.

To begin, the researchers utilized VirusTotal Query to look for binaries that had been classified as RedLine by at least one antivirus engine, which yielded 800 matches. They also looked for files with the name DomainDetects.txt, which is one of the file names used by the malware. Hundreds of files had been exfiltrated as a result of this. 

They then resorted to VirusTotal Graph, a visual exploration tool for licenced VirusTotal customers. The researchers discovered a file from their search results in a RAR file containing exfiltrated data from 500 individuals, including 22,715 passwords to a variety of websites. There were also larger files with more passwords in the other results. 

According to the researchers, several of the URLs were for government-related websites. While there are many different types of data thieves, the researchers chose five of the most popular ones because they had a higher chance of being found in the VirusTotal dataset. 

Researchers wrote in their blog post, "A criminal who uses this method can gather an almost unlimited number of credentials and other user-sensitive data with very little effort in a short period of time using an infection-free approach. We called it the perfect cybercrime, not just due to the fact that there is no risk and the effort is very low, but also due to the inability of victims to protect themselves from this type of activity." 

The researchers informed Google of their discoveries and asked VirusTotal for the files containing personal information. They also suggested screening for and erasing files containing sensitive user data regularly, as well as prohibiting API keys from uploading those files.

Researchers Discover Critical Flaws Inside AMD’s Processors


Researchers on the AMD front claim to have found "multiple critical security vulnerabilities and exploitable manufacturer backdoors inside AMD’s latest Epyc, Ryzen, Ryzen Pro, and Ryzen Mobile processors."

If attackers somehow managed to misuse the blemishes, at that point the situations extending from AMD's processors being infected with tenacious malware that would be relatively difficult to recognize to attackers taking sensitive data the researchers say.

Israel-based CTS-Labs published a site committed to the 13 critical blemishes, and along with it a 20-page whitepaper, "Severe Security Advisory on AMD Processors." They code-named the four classes of vulnerabilities as Ryzenfall, Fallout, Chimera, and Masterkey.






It is vital to take note of that before the vulnerabilities could be exploited; the attackers would first need to gain administrative rights (root access) on a targeted computer or network. The report aims to describe the multiple, potential attacks.

Despite the fact that CTS conceded that it gave AMD, one of the largest semiconductor firms having expertise in processors for PCs and servers, just a 24-hour heads-up before opening up to the world about the flaws however even Microsoft, Dell, HP, and "select merchants" were likewise advised one day before the announcement of the vulnerabilities was made public.

Further adding CTS said that AMD's Ryzen chipset, which AMD outsourced to a Taiwanese chip manufacturer, AS Media, "is as of now being shipped with exploitable manufacturer backdoors inside." Which could without much of a stretch allow attackers "to inject malignant code into the chip" and make "a perfect target" for hackers.

"The vulnerabilities we have discovered allow bad actors who infiltrated the network to persist in it, surviving computer reboots and reinstallations of the operating system. This allows attackers to engage in persistent, virtually undetectable espionage, buried deep in the system." says the report.

The California-based organization later assured in an announcement that they are researching this report; to comprehend the approach and merit of the discoveries made so as to provide proper protection against the vulnerabilities as soon as they can.