
Hackers use VPN provider's code certificate to sign malware


 








The China-aligned APT (advanced persistent threat) group known as 'Bronze Starlight' was seen targeting the Southeast Asian gambling industry with malware signed using a valid certificate used by the Ivacy VPN provider.


The main benefit of signing malware with a valid certificate is that it helps the malware bypass security measures, avoid raising suspicion through system alerts, and blend in with legitimate software and traffic.


According to SentinelLabs, which analyzed the campaign, the certificate belongs to PMG PTE LTD, a Singaporean vendor of the VPN product 'Ivacy VPN.'


The cyberattacks observed in March 2023 are likely a later phase of 'Operation ChattyGoblin', which ESET identified in a Q4 2022 – Q1 2023 report.


However, SentinelLabs says it is challenging to attribute the activity to a specific cluster because Chinese threat actors share tools extensively.


DLL side-loading


The attacks begin with dropping .NET executables (agentupdate_plugins.exe and AdventureQuest.exe) on the target system, likely via trojanized chat apps, that fetch password-protected ZIP archives from Alibaba buckets.


The AdventureQuest.exe malware sample was first found by security researcher MalwareHunterTeam in May, when they noted that the code-signing certificate was the same as the one used for official Ivacy VPN installers.
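Because a valid signature alone did not distinguish these droppers from the vendor's real installers, a defender can compare each signed file's signer against where that signer's software is expected to live. The following is an added example, not code from the article or from SentinelLabs; the baseline directory, host names and file paths are constructed assumptions, while the signer and executable names are the ones reported above.

```python
from dataclasses import dataclass
from pathlib import PureWindowsPath


@dataclass(frozen=True)
class SignedFile:
    host: str
    path: str        # full path of the executable on disk
    signer: str      # subject name of the code-signing certificate
    sig_valid: bool  # result of signature verification on the endpoint


# Hypothetical baseline: directories where each signer's binaries are expected.
# The directory is an assumption for this example, not taken from the article.
EXPECTED_DIRS = {
    "PMG PTE LTD": [PureWindowsPath(r"C:\Program Files\ExampleVPN")],
}

# Constructed inventory records (e.g. exported from an EDR file inventory).
SAMPLE = [
    SignedFile("WS-01", r"c:\program files\examplevpn\client.exe", "PMG PTE LTD", True),
    SignedFile("WS-02", r"C:\Users\alice\AppData\Local\Temp\AdventureQuest.exe",
               "PMG PTE LTD", True),
    SignedFile("WS-03", r"C:\Program Files\ExampleVPN-update\agentupdate_plugins.exe",
               "PMG PTE LTD", True),
    SignedFile("WS-04", r"C:\Windows\System32\notepad.exe", "Microsoft Windows", True),
]


def under_expected_dir(path, dirs):
    # Compare whole path components (case-insensitively, as Windows does) so a
    # look-alike sibling such as "ExampleVPN-update" does not pass a prefix check.
    p = PureWindowsPath(path)
    return any(d in p.parents for d in dirs)


def hunt(records, expected=EXPECTED_DIRS):
    """Return (host, path, reason) for signed files that break the baseline."""
    findings = []
    for r in records:
        if not r.sig_valid:
            findings.append((r.host, r.path, "invalid-signature"))
        elif r.signer in expected and not under_expected_dir(r.path, expected[r.signer]):
            # Valid signature, but the signer's binary sits outside its install dir.
            findings.append((r.host, r.path, "signer-outside-baseline"))
    return findings


if __name__ == "__main__":
    for finding in hunt(SAMPLE):
        print(finding)
```

Signers that have no baseline entry are not evaluated here, so the check is only as good as the baseline built for the environment.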
