fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Fake Windows 11 Upgrade Installers Infect you with RedLine Malware

Fake Windows 11 Upgrade Installers Infect you with RedLine Malware

Threat actors have started distributing fake Windows 11 upgrade installers to users of Windows 10, tricking them into downloading and executing RedLine stealer malware.

The timing of the attacks coincides with the moment that Microsoft announced Windows 11’s broad deployment phase, so the attackers were well-prepared for this move and waited for the right moment to maximize their operation’s success.

RedLine stealer is currently the most widely deployed password, browser cookies, credit card, and cryptocurrency wallet info grabber, so its infections can have dire consequences for the victims.

Also Read: How COVID-19 Contact Tracing in Singapore Applies at Workplace

The campaign

According to researchers at HP, who have spotted this campaign, the actors used the seemingly legitimate “windows-upgraded.com” domain for the malware distribution part of their campaign.

The site appears like a genuine Microsoft site and, if the visitor clicked on the ‘Download Now’ button, they received a 1.5 MB ZIP archive named “Windows11InstallationAssistant.zip,” fetched directly from a Discord CDN.

Phony website used for malware distribution
Fake website used for malware distribution (HP)

Decompressing the file results in a folder of 753MB of size, showcasing an impressive compression ratio of 99.8%, achieved thanks to the presence of padding in the executable.

When the victim launches the executable in the folder, a PowerShell process with an encoded argument starts.

Next, a cmd.exe process is launched with a timeout of 21 seconds, and after that expires, a .jpg file is fetched from a remote web server.

This file contains a DLL with contents arranged in reverse form, possibly to evade detection and analysis.

Finally, the initial process loads the DLL and replaces the current thread context with it. That DLL is a RedLine stealer payload that connects to the command-and-control server via TCP to get instructions on what malicious tasks it has to run next on the newly compromised system.

RedLine execution and loading chain
RedLine execution and loading chain (HP)

Outlook

Although the distribution site is down now, nothing stops the actors from setting up a new domain and restarting their campaign. In fact, this is very likely already happening in the wild.

Windows 11 is a major upgrade that many Windows 10 users cannot get from the official distribution channels due to hardware incompatibilities, something that malware operators see as an excellent opportunity for finding new victims.

As BleepingComputer reported in January, threat actors are also leveraging Windows’ legitimate update clients to execute malicious code on compromised Windows systems, so the tactics reported by HP are hardly surprising at this point.

Remember, these dangerous sites are promoted via forum and social media posts or instant messages, so don’t trust anything but the official Windows upgrade system alerts.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us