New LOBSHOT malware gives hackers hidden VNC access to Windows devices

CyberTech

CyberTech

Level 44
Thread author
Verified
Top Poster
Well-known
Nov 10, 2017
3,250
Content source
https://www.bleepingcomputer.com/news/security/new-lobshot-malware-gives-hackers-hidden-vnc-access-to-windows-devices/
A new malware known as ‘LOBSHOT’ distributed using Google ads allows threat actors to stealthily take over infected Windows devices using hVNC.

Earlier this year, BleepingComputer and numerous cybersecurity researchers reported a dramatic increase in threat actors utilizing Google ads to distribute malware in search results.

These advertising campaigns impersonated websites for 7-ZIP, VLC, OBS, Notepad++, CCleaner, TradingView, Rufus, and many more applications.

However, these sites pushed malware instead of distributing legitimate applications, including Gozi, RedLine, Vidar, Cobalt Strike, SectoRAT, and the Royal Ransomware.
Click to expand...

Full article
www.bleepingcomputer.com

New LOBSHOT malware gives hackers hidden VNC access to Windows devices

A new malware known as 'LOBSHOT' distributed using Google ads allows threat actors to stealthily take over infected Windows devices using hVNC.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • +Reputation
  • Like
Reactions: upnorth, vtqhtr413, [correlate] and 5 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,821
Interesting:
Once executed, the malware will check if Microsoft Defender is running, and if detected, terminate execution to prevent detection.

However, if Defender is not detected, the malware will configure Registry entries to start automatically when logging in to Windows and then transmit system information from the infected device, including running processes.
Click to expand...

The infection chain:
Google Ads ----> weaponized MSI installer ----> PowerShell -----> run DLL malware
is pretty common nowadays. This attack vector avoids using EXE files which are better detected by AVs.
 
Last edited:
  • Like
  • Wow
Reactions: simmerskool, CyberTech, vtqhtr413 and 2 others
You must log in or register to reply here.

Similar threads

upnorth
    • +Reputation
    • Like
Mac users open to Remote Control via Tricky macOS Malware; hidden VNC tool
Replies
2
Views
1,668
News Archive
vtqhtr413
vtqhtr413
Gandalf_The_Grey
    • Like
Security News Germany blocks BadBox malware loaded on 30,000 Android devices
Replies
0
Views
345
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • +Reputation
    • Like
Malware News New SteelFox malware hijacks Windows PCs using vulnerable driver
Replies
0
Views
513
Security News
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top