TROJANIZED!

DailyPost 2840

The famed Trojan horse is not finished as a matter of battle strategy; it is just that the battle theatre has changed over the centuries. In the cyber world it has transformed into the Trojan horse virus, a type of malware that is downloaded onto a computer disguised as a legitimate program. Among the latest cases, the most potent was the Sunburst update to SolarWinds' Orion software, which allowed a remote access trojan to infect all their computer systems and networks. The scale of that breach makes it one of the biggest ever. Now, a couple of years later, we hear of an Indian software firm's products being hacked to spread data-stealing malware.

It is the same modus operandi, surfacing according to the attacker's expertise, requirements and convenience. The company now in the eye of the storm is Conceptworld, an Indian firm, with installers for three of its products trojanized to distribute information-stealing malware. It was cybersecurity firm Rapid7 that brought this to light. The affected installers are those for Notezilla, RecentX and Copywhiz. The supply chain compromise was discovered on June 18, 2024. The resilience of the company is praiseworthy: to its credit, Conceptworld had remediated the issue as of June 24, within 12 hours of responsible disclosure.

The company said, “the installers had been trojanized to execute information-stealing malware that has the capability to download and execute additional payloads.” File size is an indicator that generally goes unnoticed, yet it can be an important one; the catch is that few users know the expected file size in advance. It was also officially stated that the malicious versions had a larger file size than their legitimate counterparts. What does this Trojan malware do? It is geared to steal browser credentials and cryptocurrency wallet information, and to log clipboard contents and keystrokes.
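The file-size observation above only helps if there is a reference value to compare against. The following PowerShell function is an added example, not code from the post, from Conceptworld or from Rapid7: it compares a downloaded installer's size and SHA-256 against values the vendor publishes out of band and checks the Authenticode signature, since a re-packaged installer normally fails that check. The expected size and hash in the usage line are placeholders, not real reference values for any product.

```powershell
# Added example (not Conceptworld's or Rapid7's code): verify a downloaded installer
# before running it. Size and SHA-256 are compared against vendor-published reference
# values supplied by the caller; the Authenticode signature is checked as well.
function Test-InstallerIntegrity {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [long]   $ExpectedSize,
        [Parameter(Mandatory)] [string] $ExpectedSha256
    )
    $file = Get-Item -LiteralPath $Path
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash   # uppercase hex
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path

    [pscustomobject]@{
        File        = $file.Name
        SizeMatches = ($file.Length -eq $ExpectedSize)
        # A positive delta means extra bytes were bundled into the installer.
        SizeDelta   = $file.Length - $ExpectedSize
        HashMatches = ($hash -eq $ExpectedSha256.ToUpperInvariant())
        SignatureOk = ($sig.Status -eq 'Valid')
        Signer      = $sig.SignerCertificate.Subject
    }
}

# Usage with placeholder reference values (replace with the vendor's published size and hash):
Test-InstallerIntegrity -Path 'C:\Downloads\installer.exe' `
    -ExpectedSize 12345678 `
    -ExpectedSha256 'PLACEHOLDER_SHA256_FROM_VENDOR'
```

Any of `SizeMatches`, `HashMatches` or `SignatureOk` being false is reason not to run the file; the hash comparison is the decisive one, while the size delta gives a quick sense of how much was added.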

The Trojan malware could download and execute additional payloads on the infected Windows hosts. It also “sets up persistence using a scheduled task to execute the main payload every three hours.” The methods by which the payload executes have been laid out clearly, and so have its results. It is still not clear how the official domain, conceptworld.com, was breached to stage the counterfeit installers. The company has stated that users who downloaded an installer for Notezilla, RecentX or Copywhiz in June 2024 are potentially affected by this attack, and advises them to examine their systems for signs of compromise and take appropriate action.
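One concrete way to act on the advice to examine systems is to look for the persistence mechanism the post describes. The script below is an added example, not from the post, Rapid7 or Conceptworld: it lists scheduled tasks whose trigger repeats every three hours (ISO 8601 interval `PT3H`) and shows what each one runs, so a reviewer can judge whether it belongs on the host. It assumes an elevated PowerShell session on the Windows host being examined; the interval and the June 2024 registration window are taken from the post's description, and the "trusted directories" heuristic is a general defender's rule of thumb, not something the post states.

```powershell
# Added hunting helper (not from the post, Rapid7 or Conceptworld): report scheduled
# tasks that repeat at the interval described in the post, with what they execute.
function Find-RepeatingTasks {
    param(
        [string]   $Interval  = 'PT3H',                 # three hours, per the post
        [datetime] $NotBefore = [datetime]'2024-06-01'  # registration window of interest
    )
    # Executables outside these directories deserve a closer look (general heuristic).
    $trusted = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:SystemRoot) |
        Where-Object { $_ }

    foreach ($task in Get-ScheduledTask) {
        foreach ($trigger in $task.Triggers) {
            if (-not $trigger.Repetition -or $trigger.Repetition.Interval -ne $Interval) { continue }

            $info    = Get-ScheduledTaskInfo -TaskName $task.TaskName -TaskPath $task.TaskPath
            $actions = $task.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)".Trim() }

            # Registration date is stored as a string in the task XML and may be absent.
            $registered = $null
            if ($task.Date) { $registered = [datetime]$task.Date }

            $outside = -not ($task.Actions | Where-Object {
                $exe = [Environment]::ExpandEnvironmentVariables($_.Execute)
                $trusted | Where-Object { $exe -like "$_*" }
            })

            [pscustomobject]@{
                Task               = "$($task.TaskPath)$($task.TaskName)"
                Author             = $task.Author
                Registered         = $registered
                RecentlyAdded      = ($registered -and $registered -ge $NotBefore)
                Interval           = $trigger.Repetition.Interval
                Actions            = $actions -join '; '
                OutsideTrustedDirs = $outside
                LastRun            = $info.LastRunTime
                NextRun            = $info.NextRunTime
            }
        }
    }
}

Find-RepeatingTasks | Sort-Object RecentlyAdded, OutsideTrustedDirs -Descending | Format-Table -AutoSize
```

Tasks flagged both `RecentlyAdded` and `OutsideTrustedDirs` go to the top of the list; a bare executable name with no path will also be flagged, which is intended, since the reviewer then has to resolve where it actually lives. The output is a review aid, not a verdict: legitimate software also uses repeating tasks, so each hit should be checked against what is known to be installed on the host.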

CYBER WORLD IS IN A PERPETUAL WAR OF ATTRITION.
Sanjay Sahay

Have a nice evening.
