Updated on 2022-10-06
Researchers from Kaspersky recently looked into less commonly used infection vectors in malware campaigns. The methods include infection through malicious torrents (CLoader), infection through a fake Tor browser (OnionPoison), and distribution of a backdoored, signed build of a benign tool (AdvancedIPSpyware).
Note
- A posture of only allowing connections to approved services and protocols goes a long way toward mitigating this type of risk. In a zero-trust world this protection moves to the endpoint, but you still need centralized control and visibility; implement similar controls at your perimeter for devices that lack the capacity to do it locally. Yes, this requires the ability to dynamically update that rule set (so you need a good threat feed); consider a default-deny posture, as it is likely to have fewer services go bad and need blocking.
Read more in
- Uncommon infection and malware propagation methods
- Backdoored version of popular network admin tool hits 80 organizations around the globe
Updated on 2022-10-05
A renowned Chinese-language YouTube channel was found propagating a trojanized version of the Windows installer for Tor Browser. Dubbed OnionPoison, the campaign has been going on since at least March. Read more: OnionPoison: infected Tor Browser installer distributed through popular YouTube channel
Overview: OnionPoison
Kaspersky researchers said they identified a campaign that distributed spyware-laced versions of the Tor Browser via a popular Chinese YouTube channel. Named OnionPoison, the spyware collected data such as browsing history, social networking account IDs, and Wi-Fi network identifiers, but did not bother to collect more sensitive information such as user passwords, cookies, or wallet information. Read more: OnionPoison: infected Tor Browser installer distributed through popular YouTube channel