Anonymous ID: 84403b Jan. 21, 2021, 4:19 a.m. No.12648578

7 Jan 2021 News

Trump Sex Scandal Video Is a RAT

 

Cyber-attackers are disguising malware as a video file depicting a fake sex scandal involving United States President Donald Trump.

 

The email-based attack was discovered by cybersecurity researchers at Trustwave who were reviewing their spam traps.

 

Targets are sent an email with the attachment “TRUMP_SEX_SCANDAL_VIDEO.jar”. Those who click on the malicious Java Archive (JAR) file unwittingly install the Qnode Remote Access Trojan (RAT) onto their computer.

 

Unusually, the title of the malicious file bore no resemblance to the subject of the email to which it was attached.

 

When the researchers opened the email “GOOD LOAN OFFER!!,” they expected to discover nothing more than an investment scam. However, attached to the email was an archive containing the malicious JAR file.

 

"We suspect that the bad guys are attempting to ride the frenzy brought about by the recently concluded Presidential elections since the filename they used on the attachment is totally unrelated to the email’s theme," wrote researchers.

 

An investigation into the attack revealed that the JAR file is a variant of a QRAT downloader researchers brought to the public's attention in August. Similarities between the new and old variants include Allatori Obfuscator's being used to obfuscate the JAR file and the installer of Node.js's being retrieved from the official website nodejs.org.

 

As is the case with the old variants, researchers found that the new downloader supports Windows platforms only.

 

Researchers noted that while the Trump sex scandal email campaign used to deliver the malware "was rather amateurish," the new QRAT was more sophisticated than prior variants.

 

"This threat has been significantly enhanced over the past few months since we first examined it. To achieve the same end goal, which is to infect the system with a QNode RAT, the JAR file downloader characteristics and behavior were improved," wrote researchers.

 

The attackers ditched the string “qnodejs,” which can distinguish the files related to this threat. And, to avoid detection, they split up the malicious code of the downloader into different buffers inside the JAR.

 

Researchers advised email administrators to "take a hard line" against inbound JARs and to use their email security gateways to block them.

 

https://www.infosecurity-magazine.com/news/trump-sex-scandal-video-is-a-rat/

Anonymous ID: 84403b Jan. 21, 2021, 5 a.m. No.12648954

Parler Claims Amazon Deliberately Left Security Hole for Hackers to Target Platform

 

Parler claims that Amazon deliberately left a security hole open, giving hackers the ability to target the social media platform’s inner workings.

 

Parler said in a court filing on Monday that Amazon deliberately left open Amazon Route 53, a Domain Name System web service, which invited hackers, according to a report by the Washington Times.

 

“In other words, AWS essentially illuminated a large neon arrow directing hackers to Parler’s backup datacenters,” said Parler in the court filing.

 

“And the hackers got the message, launching an extremely large attack — one 250 times larger and 12-24 times longer than the average [Distributed Denial-of-Service] attack,” Parler added.

 

The social media platform went on to say that AWS later eliminated the Route 53 link, but that the damage was already done, as the “AWS-facilitated attack” made it clear to others that if they hosted Parler, they would experience hacks as well.

 

“AWS didn’t just put Parler up a creek without a paddle — it banished it up the Columbia River without a boat and made sure no other boats would be willing to come to the rescue,” said Parler in the court filing.

 

Amazon had booted Parler off its web hosting service Amazon Web Services (AWS), claiming that users on the platform might “incite violence” — a new narrative pushed by several tech giants in order to justify censoring, banning, and ostracizing political dissenters and competition.

 

Parler responded by filing a lawsuit against Amazon alleging that the tech giant’s decision was “motivated by political animus,” rather than a concern for public safety.

 

The social media platform has since resurfaced online following the registration of its domain with the web-hosting company Epik.

 

Parler still appears to be under construction, however, as the website currently displays a message from the company’s CEO, as well as from other investors of the social media site.

 

Last weekend, Parler CEO John Matze announced that the social media platform will be back soon, adding that “free speech is essential, especially on social media.”

 

https://www.breitbart.com/tech/2021/01/20/parler-claims-amazon-deliberately-left-security-hole-for-hackers-to-target-platform/