May 4th 2018 – UPDATE FROM ABSOLUTE SOFTWARE: "The analysis of the samples provided by Arbor shows all were based on an illicitly modified old version of the LoJack agent from 2008 and no customers or partners have been impacted."

After the disclosure of the malicious Lojack binaries, many Anti-Virus vendors have been quick to respond in properly marking samples as "malware" and "DoubleAgent", rather than "Riskware" or "unsafe" (Figure 2). However, Fancy Bear commonly uses phishing to deliver malware payloads as seen with Sedupload in late 2017. The distribution mechanism for the malicious Lojack samples remains unknown. Initially, the Lojack agents containing rogue C2 had low Anti-Virus (AV) detection, which increased the probability of infection and subsequent successful C2 communication. Its continued use suggests attackers could have used it in long-running operations. Proof of concept for using Lojack as a backdoor or intrusion vector dates back to 2014. ASERT researchers identified Lojack agents containing command and control (C2) domains likely associated with Fancy Bear operations. NOTE: Arbor APS enterprise security products detect and block on all activity noted in this report. Although the initial intrusion vector for this activity remains unknown, Fancy Bear often utilizes phishing email to deliver payloads. Lojack makes an excellent double-agent due to appearing as legit software while natively allowing remote code execution. Lojack, formerly known as Computrace, is a legitimate laptop recovery solution used by a number of companies to protect their assets should they be stolen. They also target industries that do business with such organizations, such as defense contractors. Fancy Bear actors typically choose geopolitical targets, such as governments and international organizations. government have both attributed Fancy Bear activity to Russian espionage activity. These hijacked agents pointed to suspected Fancy Bear (a.k.a. 
ASERT recently discovered Lojack agents containing malicious C2s.