silversurfer
A suspected Chinese advanced persistent threat (APT) group has been spotted attacking tech companies using a trojanized screen-reader application, replacing the built-in Narrator “Ease of Access” feature in Windows.
The attackers also deploy a version of the open-source malware known as the PcShare backdoor to gain an initial foothold into victims’ systems.
Using the two tools, the adversaries are able to surreptitiously control Windows machines via remote desktop logon screens, without the need for credentials.
The attacks begin by delivering the PcShare backdoor to victims via spearphishing campaigns. It has been modified and designed to operate when side-loaded by a legitimate NVIDIA application.
‘Narrator’ Windows Utility Trojanized to Gain Full System Control
An active APT campaign aimed at tech companies is underway, which also uses a legitimate NVIDIA graphics function.
threatpost.com