Image Credit: Pixabay
Imagine if your antivirus program infected your computer with malware – that’s exactly what happened to some eScan antivirus users recently.
A new report from Avast has explained how a threat actor, possibly of North Korean affiliation, used a vulnerability in the antivirus program to sideload a backdoor called GuptiMiner.
Apparently, after obtaining an adversary-in-the-middle (AitM) position on the target endpoint, hackers were able to hijack the virus definition update, and have it carry malware, as well. The virus definition database would be updated as normal, but the antivirus program would also be abused to execute and run GuptiMiner.
Kimsuki attacks
The backdoor’s name might be somewhat confusing, because this isn’t a miner – a piece of malicious code that secretly mines cryptocurrency for the attackers. GuptiMiner is a backdoor that analyzes the environment to see if it’s running in a sandbox, disables various antivirus and endpoint protection tools, and drops additional payloads.
Among those additional payloads is, ironically enough, XMRig – an actual cryptocurrency miner.
Avast has attributed this attack to Kimsuki since GuptiMiner is quite similar to the Kimsuky keylogger. Furthermore, in both instances the mygamesonline[.]org domain was used.
XMRig is not the only piece of malicious code that Kimsuki dropped on their targets. There was also an improved version of the Putty Link backdoor, as well as an unnamed, “complex modular malware” that steals private keys, crypto wallet information, and more.
The targets seem to be mostly big corporations.
Since the discovery of the campaign, eScan was notified and has subsequently plugged the hole. According to BleepingComputer, the company also said it received a similar report back in 2019. A year later, it implemented a robust checking mechanism, to ensure the rejection of non-signed binaries.
In conclusion, eScan users should update their antivirus programs immediately, as Kimsuki is still going after those who didn’t patch up.
More from TechRadar Pro
News Related
-
Asylum seekers travel in an inflatable boat across the English Channel, bound for Dover on the south coast of England (Photo: Ben Stansall/AFP) Up to 40 Conservative MPs are poised to rebel over Rishi Sunak’s Rwanda deportation policy as they question ministers’ commitment to the scheme. A major row is ...
See Details:
Up to 40 Tory MPs ‘set to rebel’ if Sunak’s Rwanda plan doesn’t override ECHR
-
In the saltmarsh fringing where the Ballyboe River dissolves into Trawbreaga Bay, a little egret wears its plumage like a windblown stole. Our car swoops across the 10 arches of Malin bridge and we park along the village green. Malin is almost as far north as you can get on ...
See Details:
Country diary: A tale of three churches
-
Photograph: Chris Ratcliffe/EPA Hampton Court is an enduring monument to the power of Henry VIII, a pleasure palace down the Thames from Westminster and the City of London. On Monday it was the scene of power projection of a different kind, as Rishi Sunak pitched for investment from some of ...
See Details:
Sunak woos business elite with royal welcome – but they seek certainty
-
-
Tottenham interested in move to sign “fearless” £20m defender in January Tottenham Hotspur have joined the race to bring an overseas defender to the Premier League in January, according to a fresh report. Postecoglou’s centre-back options The Lilywhites currently have Micky Van De Ven, Ashley Phillips, Cristian Romero and Eric ...
See Details:
Tottenham interested in move to sign “fearless” £20m defender in January
-
A £100m campaign urging households and businesses to use less water will be funded from customers’ bills, Ofwat has said. Bill payers to stump up cost of £100m water usage campaign The regulator’s chief executive David Black told MPs that if the measures worked it would be cheaper than building ...
See Details:
Bill payers to stump up cost of £100m water usage campaign
-
FILE PHOTO: Soccer Football – FIFA Women’s World Cup Australia and New Zealand 2023 – Group B – Canada Training – Olympic Park, Melbourne, Australia – July 24, 2023 Canada’s Christine Sinclair during training REUTERS/Hannah Mckay/File Photo (Reuters) – BC Place in Vancouver, British Columbia, will be renamed “Christine Sinclair ...
See Details:
Soccer-Venue renamed 'Christine Sinclair Place' for Canada soccer great's final game
-
Michael van Gerwen is hunting down a fourth World Championship title (Picture: Getty Images) Michael van Gerwen is Phil Taylor’s tip to lift the World Darts Championship trophy for a fourth time in January, expecting a backlash from the recent defeat in the Players Championship Finals. The 2024 World Championship ...
See Details:
Phil Taylor makes his pick for 2024 World Darts Championship winner
-
Michael van Gerwen is hunting down a fourth World Championship title (Picture: Getty Images) Michael van Gerwen is Phil Taylor’s tip to lift the World Darts Championship trophy for a fourth time in January, expecting a backlash from the recent defeat in the Players Championship Finals. The 2024 World Championship ...
See Details:
Soccer-Howe aims to boost Newcastle's momentum in PSG clash
-
Michael van Gerwen is hunting down a fourth World Championship title (Picture: Getty Images) Michael van Gerwen is Phil Taylor’s tip to lift the World Darts Championship trophy for a fourth time in January, expecting a backlash from the recent defeat in the Players Championship Finals. The 2024 World Championship ...
See Details:
Hamilton heads for hibernation with a word of warning
-
Michael van Gerwen is hunting down a fourth World Championship title (Picture: Getty Images) Michael van Gerwen is Phil Taylor’s tip to lift the World Darts Championship trophy for a fourth time in January, expecting a backlash from the recent defeat in the Players Championship Finals. The 2024 World Championship ...
See Details:
Carolina Panthers fire head coach Frank Reich after 1-10 start to the season
-
Michael van Gerwen is hunting down a fourth World Championship title (Picture: Getty Images) Michael van Gerwen is Phil Taylor’s tip to lift the World Darts Championship trophy for a fourth time in January, expecting a backlash from the recent defeat in the Players Championship Finals. The 2024 World Championship ...
See Details:
This exercise is critical for golfers. 4 tips to doing it right
-
Michael van Gerwen is hunting down a fourth World Championship title (Picture: Getty Images) Michael van Gerwen is Phil Taylor’s tip to lift the World Darts Championship trophy for a fourth time in January, expecting a backlash from the recent defeat in the Players Championship Finals. The 2024 World Championship ...
See Details:
One in three households with children 'will struggle to afford Christmas'
-
OTHER NEWS
Kobbie Mainoo made his first start for Man Utd at Everton (Photo: Getty) The Football Association are reportedly confident that Manchester United starlet Kobbie Mainoo will choose to represent England ...
Read more »
Michael Smith will begin the defence of his world title on the opening night (Picture: Getty Images) The 2024 World Darts Championship is less than three weeks away and the ...
Read more »
For the first time a long haul commercial aircraft is flying across the Atlantic using 100% sustainable aviation fuel (SAF). A long haul commercial flight is flying to the US ...
Read more »
The King has met business and finance leaders from across the world at a Buckingham Palace reception to mark the conclusion of the UK’s Global Investment Summit. Charles was introduced ...
Read more »
After Ohio State’s 30-24 loss to Michigan Saturday, many college football fans were wondering where Lou Holtz was. In his postgame interview after the Buckeyes beat Notre Dame 17-14 in ...
Read more »
Darius Slay wouldn’t have minded being penalized on controversial no-call No matter which team you were rooting for on Sunday, we can all agree that the officiating job performed by ...
Read more »
New England Patriots quarterback Mac Jones (10) Quarterback Mac Jones remains committed to finding success with the New England Patriots even though his future is up in the air following ...
Read more »
