silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 11,043
Cybersecurity researchers are warning about a new malware that's striking online gambling companies in China via a watering hole attack to deploy either Cobalt Strike beacons or a previously undocumented Python-based backdoor called BIOPASS RAT that takes advantage of Open Broadcaster Software (OBS) Studio's live-streaming app to capture the screen of its victims to attackers.
The attack involves deceiving gaming website visitors into downloading a malware loader camouflaged as a legitimate installer for popular-but-deprecated apps such as Adobe Flash Player or Microsoft Silverlight, only for the loader to act as a conduit for fetching next-stage payloads.
Specifically, the websites' online support chat pages are booby-trapped with malicious JavaScript code, which is used to deliver the malware to the victims.
"BIOPASS RAT possesses basic features found in other malware, such as file system assessment, remote desktop access, file exfiltration, and shell command execution," Trend Micro researchers noted in an analysis published Friday. "It also has the ability to compromise the private information of its victims by stealing web browser and instant messaging client data."
OBS Studio is an open-source software for video recording and live streaming, enabling users to stream to Twitch, YouTube, and other platforms.
Hackers Spread BIOPASS Malware via Chinese Online Gambling Sites
Hackers spread BIOPASS spyware by compromising Chinese online gambling sites
thehackernews.com