Tuesday, December 1, 2020

Malicious code: Talos experts warn against RAM-based network

Talos security experts have pointed out a new malware campaign in which the malicious code is not immediately detected by virus scanners, because the attack largely avoids accessing local persistent storage.

Kamal Saini
Kamal S. has been Journalist and Writer for Business, Hardware and Gadgets at Revyuh.com since 2018. He deals with B2b, Funding, Blockchain, Law, IT security, privacy, surveillance, digital self-defense and network policy. As part of his studies of political science, sociology and law, he researched the impact of technology on human coexistence. Email: kamal (at) revyuh (dot) com

The malware itself is listed as Divergent. The malicious code reached users' computers through scripts that were integrated into websites either via advertising networks or via insecure backends. The code then nests in main memory and avoids writing files to the hard disk or SSD, because doing so would quickly make existing virus scanners aware of the unexpected activity. Instead, the malicious code runs from RAM and loads various components from there as well.

These include, among others, the Node.js framework, which makes it possible to run JavaScript outside of the browser. The malware also relies on WinDivert, an open source tool for intercepting and modifying data packets in networks. Downloaded components then ensure, among other things, that active virus scanners are switched off as far as possible before anything is eventually written to the file system.
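A host-level correlation for the three behaviours described above (a Node.js runtime started outside its usual install directory, a WinDivert driver load, and an antivirus service stopping), as an added example that is not from Talos or the original article. The event schema, the trusted path, the service name and the 10-minute window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from ntpath import basename  # parses Windows paths on any OS

# Assumptions for this example, not taken from the article:
TRUSTED_NODE_DIRS = ("c:\\program files\\nodejs\\",)  # default Node.js install dir
AV_SERVICES = {"windefend"}                           # Microsoft Defender service
REQUIRED = {"node_unusual_path", "windivert_driver", "av_stopped"}

def classify(ev):
    """Map one event to a signal name, or None if it is not of interest."""
    detail = ev["detail"].lower()
    if ev["kind"] == "process_start" and basename(detail) == "node.exe":
        if not detail.startswith(TRUSTED_NODE_DIRS):
            return "node_unusual_path"
    elif ev["kind"] == "driver_load" and "windivert" in basename(detail):
        return "windivert_driver"
    elif ev["kind"] == "service_stop" and detail in AV_SERVICES:
        return "av_stopped"
    return None

def correlate(events, window=600):
    """Return hosts where all three signals occur within `window` seconds."""
    per_host = defaultdict(list)
    for ev in events:
        sig = classify(ev)
        if sig:
            per_host[ev["host"]].append((ev["ts"], sig))
    flagged = []
    for host, sigs in per_host.items():
        sigs.sort()
        for i, (start, _) in enumerate(sigs):
            # Signals seen in the window that opens at this event.
            seen = {s for t, s in sigs[i:] if t - start <= window}
            if seen == REQUIRED:
                flagged.append(host)
                break
    return sorted(flagged)

# Constructed sample events (hosts, paths and timestamps are made up).
SAMPLE = [
    {"host": "ws-01", "ts": 100, "kind": "process_start", "detail": r"C:\Users\a\AppData\Roaming\x\node.exe"},
    {"host": "ws-01", "ts": 160, "kind": "driver_load", "detail": r"C:\Users\a\AppData\Roaming\x\WinDivert64.sys"},
    {"host": "ws-01", "ts": 400, "kind": "service_stop", "detail": "WinDefend"},
    {"host": "dev-02", "ts": 100, "kind": "process_start", "detail": r"C:\Program Files\nodejs\node.exe"},
    {"host": "dev-02", "ts": 130, "kind": "service_stop", "detail": "WinDefend"},
    {"host": "ws-03", "ts": 100, "kind": "process_start", "detail": r"C:\Temp\node.exe"},
    {"host": "ws-03", "ts": 200, "kind": "driver_load", "detail": r"C:\Temp\WinDivert.sys"},
    {"host": "ws-03", "ts": 5000, "kind": "service_stop", "detail": "WinDefend"},
]
```

Because the campaign keeps its payload out of the file system, behavioural correlation of this kind complements file signatures rather than replacing them.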

Always up to date

The malware modules then allow the computer to serve as a proxy system for various tasks that earn the operators money. Among other things, they perform click fraud. However, other activities may already have taken place; after all, traces of the malware date back to last February.

Accordingly, it is not a big disadvantage for the operators that the malicious code is no longer available after the computer is switched off. This ensures that essentially only current variants are in use, which always carry out the tasks currently pending rather than pursuing an activity that has long since stopped paying off. The analysis by the security experts now makes it possible to add suitable signatures to the AV databases, but new versions that are no longer directly recognized are likely to be distributed soon.

Via | Divergent
