• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
new chinese malware attack framework targets windows, macos, and linux

New Chinese Malware Attack Framework Targets Windows, macOS, and Linux Systems

You are here: Home / General Cyber Security News / New Chinese Malware Attack Framework Targets Windows, macOS, and Linux Systems
October 13, 2022

A beforehand undocumented command-and-management (C2) framework dubbed Alchimist is very likely getting applied in the wild to target Windows, macOS, and Linux systems.

“Alchimist C2 has a web interface prepared in Simplified Chinese and can crank out a configured payload, create remote sessions, deploy payload to the remote machines, capture screenshots, perform remote shellcode execution, and run arbitrary commands,” Cisco Talos stated in a report shared with The Hacker News.

Prepared in GoLang, Alchimist is complemented by a beacon implant referred to as Insekt, which comes with distant access attributes that can be instrumented by the C2 server.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


CyberSecurity

The discovery of Alchimist and its assorted spouse and children of malware implants arrives 3 months soon after Talos also in depth a further self-contained framework known as Manjusaka, which has been touted as the “Chinese sibling of Sliver and Cobalt Strike.”

Even far more curiously, both of those Manjusaka and Alchimist pack in identical functionalities, regardless of the differences in the implementation when it comes to the web interfaces.

Alchimist C2 panel even further characteristics the skill to generate PowerShell and wget code snippets for Windows and Linux, perhaps making it possible for an attacker to flesh out their an infection chains to distribute the Insekt RAT payload.

The recommendations could then be embedded in a maldoc hooked up to a phishing email that, when opened, downloads and launches the backdoor on the compromised device.

The trojan, for its element, is geared up with functions usually present in backdoors of this type, enabling the malware to get program info, seize screenshots, run arbitrary instructions, and down load remote data files, among many others.

CyberSecurity

What is far more, the Linux version of Insekt is capable of listing the contents of the “.ssh” directory and even including new SSH keys to the “~/.ssh/authorized_keys” file to facilitate distant obtain over SSH.

But in a indication that the menace actor driving the operation also has macOS in their sights, Talos explained it uncovered a Mach-O dropper that exploits the PwnKit vulnerability (CVE-2021-4034) to accomplish privilege escalation.

“Nonetheless, this [pkexec] utility is not set up on MacOSX by default, this means the elevation of privileges is not guaranteed,” Talos pointed out.

The overlapping functions Manjusaka and Alchimist factors to an uptick in the use of “all-inclusive C2 frameworks” that can be utilized for remote administration and command-and-manage.

“A threat actor getting privileged shell obtain on a victim’s device is like having a Swiss Army knife, enabling the execution of arbitrary instructions or shellcodes in the victim’s natural environment, resulting in substantial consequences on the concentrate on group,” the researchers mentioned.

Uncovered this article exciting? Abide by THN on Facebook, Twitter  and LinkedIn to browse extra special written content we put up.


Some elements of this report are sourced from:
thehackernews.com

Previous Post: «new timing attack against npm registry api could expose private New Timing Attack Against NPM Registry API Could Expose Private Packages
Next Post: Budworm Espionage Group Returns, Targets US State Legislature Cyber Security News»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month
  • Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion
  • CTEM is the New SOC: Shifting from Monitoring Alerts to Measuring Risk
  • Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware
  • WordPress Sites Turned Weapon: How VexTrio and Affiliates Run a Global Scam Network
  • New TokenBreak Attack Bypasses AI Moderation with Single-Character Text Changes
  • AI Agents Run on Secret Accounts — Learn How to Secure Them in This Webinar
  • Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction
  • Non-Human Identities: How to Address the Expanding Security Risk
  • ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks

Copyright © TheCyberSecurity.News, All Rights Reserved.