
Tuesday, December 12, 2017

Hackers forged bitcoin trading tools launch Orcus RAT

Bitcoin has seen explosive growth in recent years: its price has exceeded 10 times the gold price, and its valuation has even exceeded that of some countries' currencies. At one point last week the price rose by more than 60%. This frenzied rise has naturally drawn the attention of hackers. Security researchers have found that attackers are spreading the Orcus Remote Access Trojan (RAT) through fake advertisements for the "Gunbot" bitcoin trading bot, with the goal of stealing users' bitcoin. At the same time, the developers behind the Trojan have also deployed a fake bitcoin forum, bitcointalk[.]org, for phishing.

Researchers from FortiGuard Labs uncovered a phishing campaign aimed at eager bitcoin investors. Through a spam email advertisement, the attackers offer users Gunbot, a new and legitimate bitcoin trading bot developed by GuntherLab (also known as Gunthy), which monitors price differences between trading platforms; when it spots a profit opportunity, the software automatically buys and sells bitcoin on those platforms according to the user's previous settings.
 
According to the researchers, the "Gunbot" offered in the spam is in fact a delivery vehicle for Orcus RAT, malware that brings investors no profit, only losses. The phishing email with the fake advertisement carries a zip attachment containing a file named "sourcode.vbs", a simple VB script. When the user runs the script, it downloads a file that pretends to be a JPEG image but is actually a PE binary.

"At first glance, the downloaded executable appears to be a benign inventory system tool that contains many references to an inventory program's SQL commands. However, through further analysis, we found it to be a trojanised version of an open source inventory system tool – TTJ Inventory System." The researchers said that the group behind this may lack relevant experience and simply be using phishing components bought elsewhere, or may not care whether the phishing is detected: as long as a user runs the VB script, the attack succeeds.
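The infection chain described above relies on two mismatches a defender can check mechanically: a script file hidden inside a zip attachment, and a download whose ".jpg" name does not match its PE content. The following is an added example, not code from the article or from Fortinet, showing both checks in Python. The script-extension list, the image magic-byte table and the sample attachment are constructed for this example; only the attachment name "sourcode.vbs" comes from the article.

```python
import io
import os
import struct
import zipfile

# Archive members with these extensions run directly when double-clicked on Windows.
# The list is an assumption for this example, not from the article.
SCRIPT_EXTENSIONS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta", ".ps1", ".bat", ".cmd"}

# Magic bytes for the image formats this checker recognises (constructed table).
IMAGE_MAGIC = {
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}
EXTENSION_TO_TYPE = {".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png", ".gif": "gif"}


def is_pe(data: bytes) -> bool:
    """True if data carries an MZ DOS header whose e_lfanew offset points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 4 > len(data):
        return False
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def sniff_type(data: bytes) -> str:
    """Classify content by its leading bytes, ignoring whatever extension the file claims."""
    if is_pe(data):
        return "pe"
    for name, signatures in IMAGE_MAGIC.items():
        if any(data.startswith(sig) for sig in signatures):
            return name
    return "unknown"


def check_download(filename: str, data: bytes) -> tuple:
    """Compare the type implied by the extension with the type implied by the content.

    Returns (verdict, reason) where verdict is 'block', 'suspicious' or 'allow'.
    """
    claimed = EXTENSION_TO_TYPE.get(os.path.splitext(filename)[1].lower())
    actual = sniff_type(data)
    if claimed is None:
        return "allow", f"{filename} has no image extension to check (content sniffs as {actual})"
    if actual == "pe":
        return "block", f"{filename} claims to be a {claimed} image but contains a PE executable"
    if actual != claimed:
        return "suspicious", f"{filename} claims to be {claimed} but content sniffs as {actual}"
    return "allow", f"{filename} content ({actual}) matches its extension"


def suspicious_archive_members(zip_bytes: bytes) -> list:
    """List archive members whose extension marks them as directly executable scripts."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            ext = os.path.splitext(info.filename)[1].lower()
            if ext in SCRIPT_EXTENSIONS:
                hits.append(info.filename)
    return hits


def build_fake_jpeg_pe() -> bytes:
    """Constructed sample: a minimal MZ/PE header stub, the kind of content a '.jpg' should never have."""
    stub = bytearray(0x80)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x40)   # e_lfanew -> offset 0x40
    stub[0x40:0x44] = b"PE\x00\x00"
    return bytes(stub)


def build_sample_attachment() -> bytes:
    """Constructed sample: a zip holding a file named as in the article, with a harmless placeholder body."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("sourcode.vbs", "' placeholder script body, not the real dropper\r\n")
    return buf.getvalue()


if __name__ == "__main__":
    print(suspicious_archive_members(build_sample_attachment()))
    print(check_download("photo.jpg", build_fake_jpeg_pe()))
    print(check_download("photo.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 64))
```

Sniffing the PE header rather than trusting the extension is the point: a mail gateway or endpoint download hook that flags script members in archives and blocks "images" that begin with an MZ header catches both stages of this chain without any signature for the specific payload.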



According to the comments in the script, the hackers behind the phishing made no attempt to hide what it does

Since 2016, the developers of the Orcus malware have advertised it as a remote administration tool, but it has all the features a RAT provides and can also load custom-developed plug-ins or add-ons hosted in the Orcus repository. Some plugins in that repository can be used to carry out distributed denial-of-service (DDoS) attacks. Like other remote access Trojans, Orcus has password-retrieval and key-logging capabilities to steal everything a victim types on the device, and it can remotely execute arbitrary code on the infected machine in real time. It also disables the webcam's activity light so the user is not alerted that the camera is on, and it triggers a BSOD if the user attempts to close its process, making it harder to remove from the system.

Investigation shows that the developers behind the Trojan deployed bitcointalk[.]org, a fake bitcoin forum that serves the malware disguised as the Gunbot tool. This counterfeit trading tool contains a similarly trojanised "inventory system" and a VB script. Fortinet researchers speculate that this setup, with small changes, will be reused in another phishing campaign.

The researchers noted that the domain appears to be registered to "Cobainin Enterprises", alongside another suspicious domain registration, and they suspect the hackers rotate these sites between malware campaigns. In their investigation of Orcus RAT, the researchers said the RAT's behaviour goes well beyond that of a harmless administration tool, and that no matter how its developers justify it, the application is being used by cybercriminals.
