
The Cyber Security News


Novel phishing method deceives users with ubiquitous IT support tool

February 21, 2022


A cyber security researcher has documented a novel phishing method that involves cyber criminals using virtual network computing (VNC) technology on a private server to launch a wide range of attacks.

Using the open source noVNC client, the phishing method allows successful attackers to launch malicious code into a victim’s browser, plant a keylogger, and passively observe all user activity.


The researcher, who goes by the name mr.d0x, claims the attack method bypasses two-factor authentication (2FA), including Google’s 2FA protocol used for the likes of Gmail and Google accounts, and facilitates the theft of credentials.

The phishing technique effectively acts as a VNC client for the attacker to remotely monitor and access a user’s environment, creating a man-in-the-middle (MITM) attack.

The technology is common in modern businesses, with employees being familiar with IT support teams accessing their computers remotely to fix technical issues.

The initial deception is achieved in a typical phishing format: a strategically crafted email presents a link the user needs to click on. Once clicked, the user is taken directly to a server run by the attacker, rather than to a malicious web page.

The attack can be launched against users of any browser, theoretically including those on mobile devices, though the researcher said they had difficulty executing the attack on smartphones.

There are some drawbacks to the method, the researcher said, such as the fact that the attacker has to give control of their machine to the victim in order for the attack to work.

It’s also possible that, given the nature of VNC software, there may be some noticeable input lag for the victim, providing an indicator that the site is not genuine.

This is currently a proof-of-concept type of phishing attack with no known actively exploited cases in the wild, though remote access to businesses is reportedly on the rise in a string of burgeoning dark web operations.

“Browsers are much more potent than ever and the use of browsers as clients for remote access provides new means for attackers to steal credentials, bypass 2FA, and more,” said the researcher. “I strongly imagine that what I’ve demonstrated in this write-up is only a smaller part of what this approach can be utilized for.”

noVNC attack breakdown

The attacker first needs to deploy a Linux machine through a cloud service provider; any provider or Linux distro is fine. Firefox is good for this, the researcher said, but any browser with a kiosk mode will also work.

Once the Linux instance is up and running, the attacker then needs to install VNC software such as TightVNC or TigerVNC before running some custom commands to ensure the environment is properly configured for the attack. The noVNC JavaScript library and application can then be downloaded from GitHub and installed too.

A web browser needs to be running in the deployment and displaying the authentication page from which the attacker wants to steal credentials, such as Google’s login page. The attacker can use any browser (Firefox is good here), but it should be running in kiosk mode.

This method is effective in spear phishing campaigns but will run into problems if sent to multiple targets, because they will be sharing the same VNC session.

However, the method can be modified and automated so that different users access different VNC sessions by assigning users to different ports.


Some parts of this article are sourced from:
www.itpro.co.uk
