This IDA installer has been modified to include two malicious DLLs named idahelp.dll and win_fw.dll that will be executed when the program is installed. New SRCheck scheduled task created by win_fw.dll Could you guide me, please Because on the internet, he has very few FORUM or others talking about it. The idahelper.dll will then connect to the devguardmaporg site and download payloads believed to be the NukeSped remote access trojan. "Based on the domain and trojanized application, we attribute this malware to known Lazarus activity, previously reported by Google's Threat Analysis Group and Microsoft," ESET tweeted regarding connection to Lazarus.Ĭherepanov told BleepingComputer that while he does not know how the installer is being distributed, it was discovered recently and appears to have been distributed since Q1 2020 Lazarus has a history of targeting researchers The installed RAT will allow the threat actors to gain access to the security researcher's device to steal files, take screenshots, log keystrokes, or execute further commands. The Lazarus hacking group, also known as Zinc by Microsoft, has a long history of targeting security researchers with backdoors and remote access trojans. The move disrupts the reverse engineering market, which top dog IDA Pro has long dominated, and enables more people to learn how to reverse engineer without having to pay for an IDA Pro license. In January, Google disclosed that Lazarus conducted a social media campaign to create fake personas pretending to be vulnerability researchers.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |