By LBT Technology Group, LLC. on Thursday, 13 June 2024
Category: Security

New typosquatting attack targeting Google users

Threat update

Google users searching for Advanced IP Scanner have been targeted by a typosquatting attack. When searching for this free network scanner for Windows, users are served an exploited version of Advanced IP Scanner that injects a CobaltStrike Beacon into the parent process's address space.

Technical Detail and Additional Info

What is the threat?

CobaltStrike Beacon is a payload, created by CobaltStrike, that models post-exploitation activities in red team or offensive security attacks. Beacon creates a communication channel between the attacker's command-and-control (C2) server and the compromised user's system. Its traffic is often disguised as HTTP/HTTPS traffic or tunnelled over DNS, making it very difficult to detect. Once the Beacon communication channel is established between the devices, the bad actor can steal data, send commands and spread the Beacon throughout the network.

Why is it noteworthy?

Attacks of this nature always pose a high security threat to the public because of their stealth, effectiveness, and execution. The bad actors were able to openly market this domain and promote it to Google users without users questioning the search results. The intricacy of the program allows the Beacon to deploy effectively and swiftly: the program decrypts the Beacon, then injects it into the parent process's address space. These factors make this payload an emerging threat in the cybersecurity space.

What is the exposure or risk?

The flexibility and cloak-like customization of the CobaltStrike Beacon make it extremely adaptable to different scopes and attacks. Operators of the Beacon can create different Malleable C2 profiles, which help it blend into network traffic and hide among your computer's normal activity. Bad actors have exploited this feature to make the Beacon evade various virus and malware security scanners.

What are the recommendations?

 LBT Technology Group recommends the following actions to limit the impact of downloading CobaltStrike Beacon:

References

 For more in-depth information about the recommendations, please visit the following links:


If you have any questions, please contact LBT's Sales Engineer.
