Mac and Windows users infected by software updates delivered over hacked ISP
Hackers compromised an ISP to deliver malware to Windows and Mac users via software updates, affecting multiple applications. Users are advised to avoid insecure updates and use secure DNS protocols.
Hackers have successfully delivered malware to both Windows and Mac users by compromising an Internet service provider (ISP) and manipulating software updates. Researchers from Volexity reported that the attackers gained control over the ISP's infrastructure, allowing them to poison DNS responses for legitimate software update servers. This attack affected at least six applications, including 5KPlayer and Quick Heal, which did not use secure connections for their update mechanisms. The attackers executed man-in-the-middle (MitM) attacks, redirecting users to malicious servers even when they used secure DNS services like Google or Cloudflare. The malware, identified as MACMA for macOS and POCOSTICK for Windows, was delivered through compromised update files. The attack also involved the installation of a malicious browser extension that captured sensitive data. Volexity noted that while the incident is contained, there may be other ongoing attacks globally. Users are advised to avoid software that updates insecurely and to consider using DNS over HTTPS or DNS over TLS to protect against such threats.
- Hackers compromised an ISP to deliver malware via software updates.
- The attack affected multiple applications that lacked secure update mechanisms.
- Users were redirected to malicious servers through DNS poisoning.
- The malware included MACMA and POCOSTICK, capable of extensive system control.
- Recommendations include avoiding insecure updates and using secure DNS protocols.
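As an added illustration (not code from the article, Volexity, or any of the affected vendors), this is the check an updater needs so that a DNS-poisoned redirect of the kind described cannot hand it a trojaned installer: refuse manifests that point at anything but HTTPS on an allow-listed host, then verify the download against the digest pinned in the manifest. The host name and the installer bytes are constructed for the example.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass
from urllib.parse import urlparse

# Hosts the updater may download from (assumed value for this example).
ALLOWED_UPDATE_HOSTS = {"updates.example-vendor.test"}

@dataclass(frozen=True)
class UpdateManifest:
    version: str
    url: str
    sha256: str  # hex digest of the installer the vendor published

def parse_manifest(manifest_text: str) -> UpdateManifest:
    """Parse a JSON manifest; refuse any download URL that is not HTTPS on an
    allow-listed host. Over plain HTTP a poisoned DNS answer lets a MitM serve
    an arbitrary installer, which is the failure mode described above."""
    data = json.loads(manifest_text)
    url = urlparse(data["url"])
    if url.scheme != "https":
        raise ValueError(f"insecure update transport: {url.scheme}://")
    if url.hostname not in ALLOWED_UPDATE_HOSTS:
        raise ValueError(f"update host not allow-listed: {url.hostname}")
    return UpdateManifest(data["version"], data["url"], data["sha256"].lower())

def verify_payload(payload: bytes, manifest: UpdateManifest) -> bool:
    """True only if the downloaded bytes match the digest pinned in the manifest."""
    actual = hashlib.sha256(payload).hexdigest()
    return hmac.compare_digest(actual, manifest.sha256)

def decide_update(manifest_text: str, payload: bytes) -> str:
    """Return 'accepted: ...' or 'rejected: ...'; a bad update is never applied."""
    try:
        manifest = parse_manifest(manifest_text)
    except (ValueError, KeyError) as exc:
        return f"rejected: {exc}"
    if not verify_payload(payload, manifest):
        return "rejected: sha256 mismatch (payload is not what the vendor published)"
    return f"accepted: version {manifest.version}"

# Constructed sample data: the vendor's genuine installer and a swapped-in one.
GENUINE_INSTALLER = b"genuine installer 2.1 (constructed sample)"
SWAPPED_INSTALLER = b"installer 2.1 from a redirected host (constructed sample)"
GOOD_MANIFEST = json.dumps({"version": "2.1", "url": "https://updates.example-vendor.test/app-2.1.pkg",
                            "sha256": hashlib.sha256(GENUINE_INSTALLER).hexdigest()})
HTTP_MANIFEST = GOOD_MANIFEST.replace("https://", "http://")  # what an insecure updater would accept
```

In a real updater the manifest itself would also carry a vendor signature checked against a key shipped with the application, so that even the HTTPS endpoint is not the sole root of trust.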
Related
Mac users served info-stealer malware through Google ads
Mac users targeted by info-stealer malware via Google ads promoting fake Arc browser for Mac. Malware sends data to Poseidon info stealer control panel, extracting wallets and passwords. Google disclaims responsibility. Users urged caution.
Poseidon malware menaces Mac users via Google Ads
A macOS malware named 'Poseidon' masquerades as the Arc web browser in Google ads, redirecting users to a fake site for trojan downloads. It aims to steal credentials and VPN settings for potential data theft. Researchers warn of its resemblance to the AtomicStealer malware family, advising caution in app downloads to prevent infection and data breaches.
Hackers bypass Windows SmartScreen flaw to launch malware
Cybercriminals are exploiting a Microsoft Defender vulnerability (CVE-2024-21412) to install malware undetected. Many systems remain unpatched, making them vulnerable. Users should update Windows and be cautious with email attachments.
Threat Actor Abuses Cloudflare Tunnels to Deliver RATs
Proofpoint reported increased cybercriminal activity using Cloudflare Tunnels to deliver malware, particularly remote access trojans. Campaigns involve phishing emails and exploit temporary tunnels, necessitating adaptive cybersecurity defenses.
Hackers breach ISP to poison software updates with malware
A Chinese hacking group, StormBamboo, breached an ISP to inject malware into software updates, exploiting insecure mechanisms. They redirected requests to install malware on victims' devices, including a malicious Chrome extension.