Tuesday, April 23, 2024

Hackers infect users of antivirus service that delivered updates over HTTP


Hackers infect users of antivirus service that delivered updates over HTTP

Enlarge (credit: Getty Images)

Hackers abused an antivirus service for five years in order to infect end users with malware. The attack worked because the service delivered updates over HTTP, a protocol vulnerable to attacks that corrupt or tamper with data as it travels over the Internet.

The unknown hackers, who may have ties to the North Korean government, pulled off this feat by performing a man-in-the-middle (MiitM) attack that replaced the genuine update with a file that installed an advanced backdoor instead, said researchers from security firm Avast today.

eScan, an AV service headquartered in India, has delivered updates over HTTP since at least 2019, Avast researchers reported. This protocol presented a valuable opportunity for installing the malware, which is tracked in security circles under the name GuptiMiner.

Read 10 remaining paragraphs | Comments

Reference : https://ift.tt/8Sy6LCl

No comments:

Post a Comment

IBM boosts the amount of computation you can get done on quantum hardware

There's a general consensus that we won't be able to consistently perform sophisticated quantum calculations without the developme...