- cross-posted to:
- saugumas
- cross-posted to:
- saugumas
This is the best summary I could come up with:
The unknown hackers, who may have ties to the North Korean government, pulled off this feat by performing a man-in-the-middle (MitM) attack that replaced the genuine update with a file that installed an advanced backdoor instead, said researchers from security firm Avast today.
eScan, an AV service headquartered in India, has delivered updates over HTTP since at least 2019, Avast researchers reported.
This protocol presented a valuable opportunity for installing the malware, which is tracked in security circles under the name GuptiMiner.
“This sophisticated operation has been performing MitM attacks targeting an update mechanism of the eScan antivirus vendor,” Avast researchers Jan Rubín and Milánek wrote.
The threat actors then performed a MitM attack that allowed them to intercept the package sent by the update server and replace it with a corrupted one that contained code to install GuptiMiner.
Some variants of the infection chain stashed the malicious code inside an image file to make them harder to detect.
The original article contains 581 words, the summary contains 159 words. Saved 73%. I’m a bot and I’m open source!