
Plurox backdoor opens up networks to cryptominers and protocol exploits


This year, researchers discovered a modular backdoor that delivers one of eight different cryptominers to infected systems, as well as malicious plugins that abuse the UPnP and SMB protocols.

Written in C and compiled with MinGW GCC, the malware, dubbed Plurox, was discovered last February by Kaspersky researchers, who are confident they caught the backdoor while it was still being tested.

Plurox connects to its C2 server and receives commands over TCP, which determine which malicious plugins to install and run on the infected device, according to Kaspersky's blog post of June 18, written by researcher Anton Kuzmenko.

Kaspersky researchers said they identified two subnets while monitoring backdoor activity. The first delivers only cryptominers; the second delivers both miners and the plugins that use the Universal Plug and Play (UPnP) network protocol and the Server Message Block (SMB) protocol.

Kaspersky identified eight miner plugins: auto_proc, auto_cuda, auto_miner, auto_opencl_amd, auto_gpu_intel, auto_gpu_nvidia, auto_gpu_cuda and auto_gpu_amd. The malware reports the system configuration of the compromised computer to the C2 server, which then replies with instructions on which of these eight plugins to download.

The main purpose of the UPnP and SMB plugins is to establish a bridgehead in the infected machine's network and spread like a virus, Kuzmenko writes. Kaspersky notes that the UPnP plugin is quite similar to the NSA's EternalSilence exploit, while the SMB plugin spreads the malware using the actual EternalBlue exploit.
