iPhone Srbija Servis, Beograd Kosovska 28

Thread: CrossRAT malware for macOS, Windows, Linux

  1. #1
    Administrator zabrljanje

    CrossRAT malware for macOS, Windows, Linux

    The latest virus, CrossRAT (version 0.1), which was released recently, is a multi-platform threat and was most likely developed by the Dark Caracal group.

    CrossRAT is a cross-platform remote access Trojan written for Windows, Solaris, Linux and macOS; it enables remote attacks on the file system, taking screenshots and running various executable commands, and it starts together with the system.

    The Dark Caracal hackers do not rely on "zero-day exploits" to distribute the malware. Instead, they usually use "basic social engineering" through posts in Facebook groups or WhatsApp messages, trying to lure users into visiting fake websites under their control and downloading the malicious application.
    CrossRAT is written in Java.

    At the moment it is already detected by 25 antivirus tools, according to VirusTotal (the image is from the site that published this two days ago).

    After it is launched, the main file, hmar6.jar, checks which operating system it is running on and installs itself accordingly. On Linux it also checks which distribution is installed on the computer.
    In this way it sets up the appropriate mechanism to be run at every system boot and registers with the C&C server, enabling a "remote attack" and the execution of various commands.

    It connects to 'flexberry(dot)com' on port 2223, and the information about it is found in the 'crossrat/k.class' file.
    How you can check whether your system is infected with the CrossRAT virus:

    For Windows:

    • Check the 'HKCU\Software\Microsoft\Windows\CurrentVersion\Run\' registry key.
    • If infected it will contain a command that includes java, -jar and mediamgrs.jar.

    For macOS:

    • Check for jar file, mediamgrs.jar, in ~/Library.
    • Also look for launch agent in /Library/LaunchAgents or ~/Library/LaunchAgents named mediamgrs.plist.

    For Linux:

    • Check for jar file, mediamgrs.jar, in /usr/var.
    • Also look for an 'autostart' file in the ~/.config/autostart likely named mediamgrs.desktop.

    How to protect yourself:

    As with most things, the basic rule is not to click on random links.

    The latest macOS does not come with Java. If you install it, the same rule mentioned above applies.

    You can see the complete analysis of this malware at

    https://objective-see.com/blog/blog_0x28.html

    https://thehackernews.com/2018/01/crossrat-malware.html

  2. The Following 4 Users Say Thank You to zabrljanje For This Useful Post:

    Cuksi (29-01-2018),mccf (27-01-2018),vlada11070 (27-01-2018),zikicz (26-01-2018)
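As an added example that is not part of the original post or the cited write-ups, the Python script below automates the per-OS checks listed above: the Run value under HKCU on Windows, the jar and launch agent on macOS, and the jar and autostart entry on Linux. It assumes the sample keeps the file names the post gives, reads without modifying anything, and reports a hit as something to inspect rather than as a confirmed infection.

```python
"""Check a host for the CrossRAT persistence artifacts named in the post above.
Added example, not from the thread or the cited write-ups; it assumes the sample
keeps the file names given there, and a hit means "inspect", not "infected"."""
import platform
from pathlib import Path

JAR = "mediamgrs.jar"
def run_key_suspicious(command: str) -> bool:
    """True if a Run-key command contains java, -jar and mediamgrs.jar."""
    c = command.lower()
    return "java" in c and "-jar" in c and JAR in c

def windows_run_values() -> dict:
    """Enumerate HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run (Windows only)."""
    if platform.system() != "Windows":
        return {}
    import winreg  # standard library, only importable on Windows
    values, i = {}, 0
    sub = r"Software\Microsoft\Windows\CurrentVersion\Run"
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, sub) as key:
        while True:
            try:
                name, data, _ = winreg.EnumValue(key, i)
            except OSError:  # no more values under the key
                return values
            values[name] = str(data)
            i += 1

def artifact_paths(system: str, home) -> list:
    """Filesystem locations the post gives for macOS ("Darwin") and Linux."""
    home = Path(home)
    if system == "Darwin":
        return [home / "Library" / JAR, Path("/Library/LaunchAgents/mediamgrs.plist"),
                home / "Library/LaunchAgents/mediamgrs.plist"]
    if system == "Linux":
        return [Path("/usr/var") / JAR, home / ".config/autostart/mediamgrs.desktop"]
    return []  # on Windows the persistence lives in the registry instead

def check_host(system=None, home=None, run_values=None) -> list:
    """Return findings as strings; the parameters let a test inject values."""
    system = system or platform.system()
    home = home or Path.home()
    run_values = windows_run_values() if run_values is None else run_values
    hits = [f"Run value {n!r}: {v}" for n, v in run_values.items() if run_key_suspicious(v)]
    hits += [f"file present: {p}" for p in artifact_paths(system, home) if p.exists()]
    return hits

if __name__ == "__main__":
    print("\n".join(check_host()) or "none of the artifacts from the post were found")
```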

  3. #2
    iPhoneBigFan mccf

    Re: CrossRAT malware for macOS, Windows, Linux


  4. #3
    iSrbijaHero Cuksi

    Re: CrossRAT malware for macOS, Windows, Linux

    I just don't understand how to check on Windows 10 whether I'm infected, because I don't understand where this is. In regedit, or where?

  5. #4
    Administrator zabrljanje

    Re: CrossRAT malware for macOS, Windows, Linux

    Right in the registry database.

  6. The Following User Says Thank You to zabrljanje For This Useful Post:

    Cuksi (30-01-2018)

  7. #5
    iSrbijaHero Cuksi

    Re: CrossRAT malware for macOS, Windows, Linux

    I did look but couldn't find it; there are a bunch of abbreviations there, but nowhere did I see HKCU.

  8. #6
    Administrator zabrljanje

    CrossRAT malware for macOS, Windows, Linux

    It is an abbreviation of Hotkey current user.

  9. The Following User Says Thank You to zabrljanje For This Useful Post:

    Cuksi (05-02-2018)
