Hackers Using Unmonitored System Tools, Protocols for Malicious Goals

Source: https://www.hackread.com/dnsmessenger-malware-attack-fud/
Waqas – Hackread

Hackers Using Unmonitored System Tools, Protocols for Malicious Goals

The IT security researchers at Cisco’s security intelligence and research group Talos have discovered a malware that can fully hide its origins. The sample that the researchers analyzed was utilizing DNS TXT record queries/response for creating a “bidirectional Command and Control channel.” The findings of their research have been published in a report compiled by Edmund Brumaghin and Colin Grady.

The report suggests that attackers can easily infect a machine and use it for exchanging communications through the DNS (domain name system) for delivering other commands and acquiring salient malicious objectives. This hints at the fact that attackers are administering RAT and launching numerous phases of fileless Powershell, which Talos researchers found very unusual and evasive. It indicated that attackers are making it a point to avoid detection by utilizing all available tools and tactics. The report stated:

“This malware sample is a great example of the length attackers are willing to go to stay undetected while operating within the environments that they are targeting. It also illustrates the importance that in addition to inspecting and filtering network protocols such as HTTP/HTTPS, SMTP/POP3, etc.”

The attack has been named as DNSMessenger. When the user opens the Word file, which is in the form of a Protected Document that is McAfee secured, a message pops up asking the users to enable the content button that will lead to displaying of the document’s content. However, when the victim clicks on the button, malicious Powershell script is loaded. Powershell is a scripting language that is built into Windows OS and lets the system administration tasks to be automated. The malicious script performs its job in memory and does not write any infected files to the disk.

Leave a comment

Your email address will not be published.

Loading ...