This threat, called HotPage, comes self-contained in an executable file that loads its main driver and injects libraries into Chromium-based browsers.

While masquerading as a security product that can block ads, it actually serves up new ads. Additionally, the malware can replace the content of the current page, redirect the user, or open a new tab to a website filled with other ads.

Worse, the malware exposes the system to even more dangerous threats. Because the driver is legitimate and signed, an attacker with a non-privileged account can abuse its weak access controls to gain SYSTEM privileges or to inject a library into remote processes and cause further damage.

At the end of 2023, security researchers came across an installer called “HotPage.exe” that distributed a driver capable of injecting code into remote processes and two libraries capable of intercepting and tampering with browsers’ network traffic. The installer was detected as an adware component by most security products.

What really stood out for security researchers was the embedded driver signed by Microsoft. According to its signature, it was developed by a Chinese company called Hubei Dunwang Network Technology Co. Ltd. Security researcher Romain Dumont, who discovered the threat, said: “The lack of information about the company was intriguing. The distribution method is still unclear, but according to our research, this software was promoted as an internet cafe security solution aimed at Chinese-speaking individuals.

It claims to improve the web browsing experience by blocking ads and malicious websites, but the reality is quite different; it uses browser traffic interception and filtering capabilities to display game-related ads. It is also likely sending some computer-related information to the company’s server to collect upload statistics,” he explained.


According to available information, the company’s business scope includes technology-related activities such as development, services and consulting, as well as advertising activities. The main shareholder is currently Wuhan Yishun Baishun Culture Media Co, Ltd, a very small company that appears to specialize in advertising and marketing. Due to the level of privileges required to install the driver, the malware may have been bundled with other software packages or promoted as a security product.

Using Windows’ notification callbacks, the driver component keeps track of new browsers or tabs being opened. Under certain conditions, the adware uses various techniques to inject shellcode into browser processes to load its network-interfering libraries. The injected code filters HTTP(S) requests and responses using Microsoft’s Detours hooking library. The malware can replace the content of the current page, redirect the user, or open a new tab to a website full of game ads.

Apart from its obvious malicious behavior, this kernel component leaves the door open for other threats to execute code at the highest privilege level available in the Windows operating system: the SYSTEM account. Due to improper access restrictions to this kernel component, any process can communicate with this component and leverage code injection to target unprotected processes.
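A first triage check a defender can run on a Windows host is to inventory the registered kernel drivers and look for the publisher named in the HotPage signature. The PowerShell below is an added example, not code from the article or from any vendor tool: the publisher string is the company name the article cites, the `Resolve-DriverPath` helper is my own, and the script only reports, it removes nothing.

```powershell
# Added example (not from the article): list kernel drivers registered on this
# host and flag those whose Authenticode signer or file version info names the
# publisher from the HotPage driver signature. The publisher string is taken
# from the article; the rest is a generic driver inventory.
$SuspectPublisher = 'Hubei Dunwang Network Technology'

function Resolve-DriverPath {
    param([string]$PathName)
    # Win32_SystemDriver.PathName may carry NT-style prefixes; normalise to a Win32 path.
    $p = $PathName -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

$report = foreach ($drv in Get-CimInstance -ClassName Win32_SystemDriver) {
    if (-not $drv.PathName) { continue }
    $path = Resolve-DriverPath -PathName $drv.PathName
    if (-not (Test-Path -LiteralPath $path)) { continue }

    $sig    = Get-AuthenticodeSignature -FilePath $path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
    # Attestation-signed drivers show Microsoft as the outer signer, so the
    # embedded CompanyName is a second place the publisher name can surface.
    $company = (Get-Item -LiteralPath $path).VersionInfo.CompanyName

    [pscustomobject]@{
        Name      = $drv.Name
        State     = $drv.State
        Path      = $path
        SigStatus = $sig.Status
        Signer    = $signer
        Company   = $company
        Suspect   = ($signer -like "*$SuspectPublisher*") -or ($company -like "*$SuspectPublisher*")
    }
}

# Suspect entries first; a hit is a lead for an analyst to verify, not proof of HotPage.
$report | Sort-Object -Property Suspect -Descending |
    Format-Table Name, State, SigStatus, Suspect, Path -AutoSize
```

Run it from an elevated prompt so every driver image is readable. A match on the publisher name is a starting point for verification (hash the file, check the service's start type, review who installed it), not a verdict on its own.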

“The HotPage driver reminds us that abusing Extended Validation certificates is still a thing. Because most security models rely on trust at some point, threat actors tend to play the line between legitimate and shady. Whether such software is promoted as a security solution or offered together with other software, the capabilities gained through this trust expose users to security risks.”

Cybercriminals are targeting online ad networks

With just one click, a person’s computer or even the entire network can be invaded. Despite the constant use of ad blockers and advanced security software, malware spread through ads is still a big problem, especially when they masquerade as ads from legitimate sites.


Malicious search ads represent just one form of ad exploitation by threat actors. Other types include the distribution of malicious banner ads on legitimate websites that hide bad code using steganography. Malicious ads may also be encountered through in-text hyperlinks, pop-ups, and more.


How do malicious ads work on search engines?

Following the boom in various search engines throughout the 90s, and considering the online world is increasingly penetrating our physical daily lives, it is not surprising that advertising companies want to target such areas.

However, there may also be malicious ones among these search ads. Malvertising often involves threat actors buying prime ad space from search engines to persuade potential victims to click on their ads.

Scammers who pay for search ads automatically push their malicious pages to the top of people’s search results. Internet users searching for specific products may encounter such situations where only subtle clues are available to distinguish between a legitimate and a malicious ad or page.


In 2023, Google blocked or removed more than 1 billion ads that abused its ad network, including ads that promoted malware. Other online advertisers are also victims. Due to the nature of the advertising business, malicious actors can manipulate and compromise an entire ad chain in a variety of possible ways, from buying ads to spoofing search engine providers to hacking websites and ad servers.

While search engine providers continually remove malicious ads or websites from search results, hackers are persistent and continue to find new ways to evade content filtering, creating a game of whack-a-mole between search providers and criminals. As a result, you can never be 100 percent sure whether what you clicked is a malicious link or not.


Xiaomi September 2024 Security Update Revealed

Xiaomi September 2024 security update has started to be offered to devices. Let’s examine the details of this update, which is of great concern to Xiaomi users.


Security updates released regularly every month for Android devices ensure safer and more stable operation of the devices. This month’s updates came first to Google’s Pixel devices and then to Samsung devices. Now Xiaomi has started to offer the September 2024 security update to users. The Xiaomi Pad 6 is the first model to receive this update, and it is expected to come to other Xiaomi models in the coming days.

Xiaomi September 2024 Security Update: The Update is Not Just Security

Xiaomi’s new update is not limited to security patches only. It also fixes bugs in floating windows and the HyperOS launcher. In this way, the devices will offer a more fluid and trouble-free user experience. On the Xiaomi Pad 6, the September 2024 update is offered as software version OS1.0.10.UMZCNXM, but it should be noted that this version is currently exclusive to China.

The update is first available to HyperOS Pilot Test users. However, this does not mean that the update will be limited to these users only. More Xiaomi, Redmi and POCO models will also get this update in the coming days. If your device has not received this update yet, you do not need to worry: it will reach many devices in a short time.

Xiaomi September 2024 Security Update: 44 Vulnerabilities Closed

This security update, published by Google, closes a total of 44 vulnerabilities. One of these vulnerabilities was marked as critical and 32 of them were marked as high priority. Such updates protect users’ data by increasing the security of devices. The fact that Xiaomi offers these updates quickly is an indication that it prioritizes the security of the devices.

Xiaomi’s September 2024 security update is important in that it improves device security and fixes various bugs. What do you think about this update? Don’t forget to share your comments with us.


Unsupported Old IoT Devices Create Risks

A new threat is stirring in the digital graveyard. IoT devices that are out of support fall prey to malicious actors.


There comes a time when a device becomes obsolete because it becomes too slow, the owner buys a new device, or it lacks functionality compared to its current version. The manufacturer shifts its focus to a new model, ending the life of the old one.

At this stage, manufacturers stop providing, selling or marketing parts, services or software updates for the product. This can mean many things, but according to security experts, it also means that device security is no longer properly maintained, leaving the end user vulnerable.

Once support ends, cybercriminals may begin to gain the upper hand. Once the operating systems or firmware of devices such as cameras, teleconferencing systems, routers, and smart locks become outdated, they no longer receive security updates, leaving the door open to hacking or other exploits.

The number of IoT devices reached 17 billion

According to estimates, there are approximately 17 billion IoT devices in the world, from door cameras to smart TVs, and this number continues to grow. Let’s assume that only one-third of them become obsolete within five years.

This means just over 5.6 billion devices could be vulnerable to exploitation. As support decreases, the probability will increase. Often, these vulnerable devices can become part of a botnet, a network of devices that, under the command of a hacker, turn into zombies and do their bidding.

One person’s trash is another person’s treasure

Mozi is a good example of a botnet that exploits outdated and vulnerable IoT devices. This botnet was famous for hijacking hundreds of thousands of internet-connected devices every year. Once compromised, these devices were used for a variety of malicious activities, including data theft and distribution of malware payloads.


The botnet was very persistent and capable of rapid expansion, but was brought down by 2023. Exploiting vulnerabilities in a device such as an IoT video camera could allow an attacker to use that device as a surveillance tool and spy on you and your family.

Once their IP addresses are discovered, remote attackers can take over vulnerable, internet-connected cameras without having prior access to the camera or knowing its login credentials. The list of vulnerable, defunct IoT devices goes on and on, and manufacturers often fail to take action to patch such vulnerable devices; in fact, when manufacturers go bankrupt, it is not possible for them to release patches for their devices.

Old device, new purpose

Due to the abundance of IoT devices among us, a new trend has emerged: reusing old devices for new purposes.

For example, turning your old iPad into a smart home remote or using an old phone as a digital photo frame or car GPS. The possibilities are many, but safety should still be kept in mind.

These electronic devices should not be connected to the internet due to their vulnerable nature. On the other hand, getting rid of an old device by throwing it in the trash is not a good idea from a security perspective. Besides an environmental perspective, such as avoiding contaminating landfills with toxic substances, old devices can contain treasure troves of hidden information. Unsupported devices can also take part as zombies in a botnet, a network of compromised devices controlled by an attacker and used for nefarious purposes.

These zombie devices are often used for distributed denial-of-service (DDoS) attacks that overload someone’s network or website out of revenge, or for a different purpose, such as distracting from another attack.

Smart world, smart criminals and zombies

You should always keep your devices up to date and, when this is not possible, dispose of old data safely by wiping it. Once you have wiped a device, either replace it with a new one or find it a new, much less involved purpose. Old devices can be easy targets, so by keeping them off the internet or stopping their use, you can stay safe from any cyber harm through them.


Copyright © 2022 RAZORU NEWS.