160*600

New Malware Uses Windows BITS Service to Stealthy Exfiltrate Data

 Cybersecurity researchers have discovered a new computer virus associated with the Stealth Falcon state-sponsored cyber espionage group that abuses a built-in component of the Microsoft Windows operating system to stealthily exfiltrate stolen data to attacker-controlled server.

Active since 2012, Stealth Falcon is a sophisticated hacking group known for targeting journalists, activists, and dissidents with spyware in the Middle East, primarily in the United Arab Emirates (UAE).

Dubbed Win32/StealthFalcon, named after the hacking group, the malware communicates and sends collected data to its remote command-and-control (C&C) servers using Windows Background Intelligent Transfer Service (BITS).

 

BITS is a communication protocol in Windows that takes unused network bandwidth to facilitate asynchronous, prioritized, and throttled transfer of files between machines in the foreground or background, without impacting the network experience.

BITS is commonly used by software updaters, including downloading files from the Microsoft servers or peers to install updates on Windows 10, messengers, and other applications designed to operate in the background.

According to security researchers at cyber-security firm ESET, since BITS tasks are more likely permitted by host-based firewalls and the functionality automatically adjusts the data transfer rate, it allows malware to stealthily operate in the background without raising any red flags

After successfully exfiltrating the stolen data, the malware automatically deletes all log and collected files after rewriting them with random data in order to prevent forensic analysis and recovery of the deleted data.

As explained in the report, Win32/StealthFalcon backdoor has not only been designed to steal data from the compromised systems but can also be used by attackers to further deploy more malicious tools and update its configuration by sending commands through C&C server.

Comments

Post a Comment

Popular posts from this blog

Image
How to Hack CCTV Private Cameras Hi Friends. Now a days CCTV cameras are used many place like shops, malls, offices, warehouse etc and more. for security reason and for many more purposes. This articles show you how to hack CCTV cameras. If search on Google for CCTV camera hacking , you will be find tricks for public CCTV camera hacking tricks. But here you will be hack private CCTV cameras Image via  fbcdn.net . Step 1 Download Angry Ip Scanner Angry Ip scanner is powerful GUI Port scanner . Angry Ip scanner available for all major OS. Download and Install Angry ip scanner Step 2 Choose Ip Address Range Its important that how to choose proper ip address range for CCTV camera hacking. CCTV cameras are connected with broadband internet connection. If your accessing broadband router then find your public ip address. Just type 'My IP' in Google or Bing search bar. Google will show your public ip address Here 77.247.181.165 is my public ip . So ip range...
Read more

How to hack whatsapp And how to prevent from being hacked

Image
Top 5 Ways to Hack WhatsApp Accounts Using Ethical Hacking How to hack WhatsApp accounts using Ethical hacking is probably one of the most searched things on the Internet. In this blog, we are going to look at how the security of WhatsApp can be compromised and how your data Disclaimer : This blog is totally meant for learning purposes. The techniques discussed here are to make you more informed and aware of the various malicious ways a hacker can exploit to steal your private information! Is hacking WhatsApp possible? WhatsApp is a cross-platform messaging service owned by Facebook and is developed by most intelligent developers. It has end-to-end encryption that enables only the sender and the receiver to see what is sent. It frequently resolves the security issues faced by users as well. Certain things cannot be controlled by developers. For example, if you tell someone your email password and that person misuses it, then it is not exactly hacking. Nonetheless, even in this case, pe...
Read more
Create free UNLIMITED phone numbers [No TextNow or TextPlus] Works for FB, IG, Twitter.. Step 1. Go to Twilio . Com Step 2. Click on “Get free API key” Step 3. Sign up with a disposable o real email, enter fake contact details if you want. Step 4. Receive confirmation email and verify. Step 5. Verify a number, I think you can put a TextNow number but I recommend putting yours because you can reuse it if you want to make another account. Step 5. It will ask you if you can code, just say yes. Step 6. Then, it will ask you why are you using Twilio for, choose “Send and receive sms” Step 6. Choose JavaScript as your programming language. Step 7. Get a trial number. Step 8. Input your trial number on FB phone verification. Important Step: To see your messages go to the top right corner of your screen, and you will see a bug Icon, click on it and then “Go to debugger” https://imgur.com/gallery/0yUvWAG Then you will see the events like this https://imgur.com/gallery/AdxU6W6 Now click the mos...
Read more