Hackers Spread Trojans, Cryptominers and Proxy Tools Under the Guise of Pirated Office Software
Payment News · 2024-05-31

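Researchers have disclosed a malware campaign built around a Microsoft Office download tool. The attackers use such tools to lure users into downloading and running them; once the program starts, however, the computer downloads a series of malware in the background.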

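In the background, this Office installer launches obfuscated .NET malware, which accesses a channel on the instant-messaging app Telegram or a URL on the social network Mastodon to obtain the URLs of the files to download. Those URLs are hosted on Google Drive or GitHub, so typical antivirus software lets them through.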

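When the malware downloads the Base64-encoded payload from those URLs, decodes it and executes it, PowerShell commands are triggered and a series of malware is planted on the victim's computer.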
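A detection-side sketch of the chain described above, added here as an example and not taken from the researchers' report: it flags a non-browser process that contacts a Telegram or Mastodon host, then Google Drive or GitHub, and then spawns PowerShell within a short window. The event format, process names, time window and the Mastodon hostname `mastodon.example` are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Assumed host lists; the Mastodon instance is a placeholder (the page names none).
DEAD_DROP = ("t.me", "telegram.org", "mastodon.example")
FILE_HOST = ("drive.google.com", "github.com", "raw.githubusercontent.com")
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}
WINDOW = timedelta(minutes=10)  # assumed correlation window

# Constructed telemetry: (time, host, kind, process, domain or child process)
EVENTS = [
    ("2024-05-31T10:00:00", "PC1", "net", "chrome.exe", "drive.google.com"),
    ("2024-05-31T10:01:00", "PC1", "net", "setup.exe", "t.me"),
    ("2024-05-31T10:01:05", "PC1", "net", "setup.exe", "raw.githubusercontent.com"),
    ("2024-05-31T10:01:20", "PC1", "proc", "setup.exe", "powershell.exe"),
    ("2024-05-31T11:00:00", "PC2", "net", "updater.exe", "github.com"),
    ("2024-05-31T11:00:30", "PC2", "proc", "updater.exe", "powershell.exe"),
]

def matches(domain, suffixes):
    """True if domain equals, or is a subdomain of, one of the suffixes."""
    d = domain.lower().rstrip(".")
    return any(d == s or d.endswith("." + s) for s in suffixes)

def find_chains(events, window=WINDOW):
    """Return (host, process, time) per dead-drop -> file-host -> PowerShell sequence."""
    state = {}   # (host, process) -> timestamps of the stages seen so far
    alerts = []
    for ts, host, kind, proc, detail in sorted(events):
        if proc.lower() in BROWSERS:
            continue  # browsers reach these services routinely
        t = datetime.fromisoformat(ts)
        s = state.setdefault((host, proc.lower()), {})
        if kind == "net" and matches(detail, DEAD_DROP):
            s["drop"] = t
            s.pop("fetch", None)
        elif kind == "net" and matches(detail, FILE_HOST) and "drop" in s:
            if t - s["drop"] <= window:
                s["fetch"] = t
        elif kind == "proc" and detail.lower() == "powershell.exe" and "fetch" in s:
            if t - s["fetch"] <= window:
                alerts.append((host, proc, ts))
            s.clear()
    return alerts

if __name__ == "__main__":
    for alert in find_chains(EVENTS):
        print("suspicious chain:", alert)
```

Each service on its own is allowed traffic, which is why the sequence per process is the signal here; a file-host fetch followed by PowerShell without the earlier lookup (PC2 in the sample) is not flagged by this rule.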

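The malware includes the Orcus RAT trojan; the XMRig cryptominer; 3Proxy, which turns the victim's computer into an illicit proxy server; the PureCrypter malware downloader; and AntiAV, a program that can tamper with antivirus configuration or disable the antivirus software.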

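Notably, even if the user notices the malware and deletes it manually, the "updater" deployed by the attackers reloads the aforementioned malware as soon as the computer restarts.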
