Cybersecurity researchers have discovered a new piece of malware associated with the Stealth Falcon state-sponsored cyber espionage group that abuses a built-in component of the Microsoft Windows operating system to stealthily exfiltrate stolen data to the attackers' control server. Stealth Falcon is a sophisticated hacking group based in the United Arab Emirates (UAE), known for targeting journalists, activists, lawyers and dissidents in the Middle East. Dubbed Win32/Stealth Falcon after the group, the malware communicates with its remote command-and-control (C&C) servers and sends collected data to them using the Windows Background Intelligent Transfer Service (BITS).

BITS, the Background Intelligent Transfer Service, is a Windows component used for downloading files from servers and is commonly used by software updaters. It is also used for downloading and installing files on Windows 10, by messengers and by other applications. According to an ESET security researcher, because host-based firewalls are more likely to permit BITS tasks, the malware can operate in the background and steal data without raising any warning. The malware first encrypts the data and then uploads a copy of the encrypted data to the command-and-control server via BITS.

Image source: www.bankinfosecurity.com

Once the data has been stolen, the malware removes the collected confidential information and overwrites the fields with random values so as to leave no traces that a forensic analyst could follow. As explained in the report, the Win32/Stealth Falcon backdoor has not only been designed to steal data from compromised systems but can also be used by the attackers to deploy further updates through its back-and-forth communication with the command-and-control server. The new malware shares command-and-control infrastructure and code with the PowerShell-based backdoor that Citizen Lab attributed to the Stealth Falcon group in 2016.
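As an added illustration (not part of the original article or of ESET's research), the following Python script flags BITS transfer jobs that look like the abuse described above: upload jobs, jobs reaching hosts outside an updater allowlist, jobs to bare IP addresses, and jobs owned by processes outside system directories. The event records are constructed sample data modelled on the Microsoft-Windows-Bits-Client/Operational log; the field names, the allowlist and the trusted directories are assumptions.

```python
import ipaddress
from urllib.parse import urlparse

# Hosts a software updater is expected to reach (assumed allowlist for this example).
ALLOWED_HOSTS = {"download.windowsupdate.com", "updates.example-vendor.com"}
# Directories from which legitimate BITS job owners usually run (assumption).
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\")
TRANSFER_START_EVENT = 59   # BITS-Client/Operational: "BITS started the ... transfer job"
TRANSFER_STOP_EVENT = 60    # BITS-Client/Operational: "BITS stopped transferring ..."

# Constructed sample records: one legitimate Windows Update download, one
# exfiltration-style upload, one stop event, and one stage-2 download.
SAMPLE_EVENTS = [
    {"EventID": 59, "Job": "WU Client Download", "Type": "Download",
     "URL": "http://download.windowsupdate.com/d/msdownload/update.cab",
     "Process": "C:\\Windows\\System32\\svchost.exe"},
    {"EventID": 59, "Job": "sysupd", "Type": "Upload",
     "URL": "https://203.0.113.10/upload",
     "Process": "C:\\Users\\alice\\AppData\\Roaming\\wsus.exe"},
    {"EventID": 60, "Job": "sysupd", "Type": "Upload",
     "URL": "https://203.0.113.10/upload",
     "Process": "C:\\Users\\alice\\AppData\\Roaming\\wsus.exe"},
    {"EventID": 59, "Job": "stage2", "Type": "Download",
     "URL": "https://cdn.example.net/payload.bin",
     "Process": "C:\\Windows\\System32\\svchost.exe"},
]

def is_ip_literal(host):
    """True when the remote is given as a bare IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def suspicious_reasons(ev):
    """Return the reasons a transfer-start event looks like BITS abuse (empty if none)."""
    if ev["EventID"] != TRANSFER_START_EVENT:
        return []                       # only score the start event, once per job
    reasons = []
    host = (urlparse(ev["URL"]).hostname or "").lower()
    if ev["Type"].lower().startswith("upload"):
        reasons.append("upload job")    # updaters download; exfiltration uploads
    if host not in ALLOWED_HOSTS:
        reasons.append(f"host not allowlisted: {host}")
    if is_ip_literal(host):
        reasons.append("remote is a bare IP address")
    if not ev["Process"].lower().startswith(TRUSTED_DIRS):
        reasons.append(f"owner process outside system dirs: {ev['Process']}")
    return reasons

def hunt(events):
    """Map job name -> reasons for every start event that trips at least one rule."""
    findings = {}
    for ev in events:
        reasons = suspicious_reasons(ev)
        if reasons:
            findings[ev["Job"]] = reasons
    return findings
```

On a live host the same rules can be applied to records exported from the BITS-Client operational log, or to the job list returned by the BITS management tooling.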

Image source: www.cpomagazine.com

Source: The Hacker News




DEMARCO BERRY
Demarco Berry is a senior writer for Dark Web Link, covering security, privacy, information freedom, and hacker culture. Before coming to Dark Web Link, he worked as a senior writer for The New York magazine. Demarco has received his bachelor’s degree from Haverford College and a master’s degree from New York University’s business and economic reporting program.
