Winnti Group Uses New PortReuse Malware Against Asian Manufacturer

silversurfer

Thread author
ESET researchers who spotted the new malware dubbed PortReuse by Winnti Group also discovered that it is "a network implant that injects itself into a process that is already listening on a network port and waits for an incoming magic packet to trigger the malicious code."
Because PortReuse passively listens for a magic packet to activate it, this type of malware is also known as a passive network implant that will not interfere with legitimate traffic.
If it doesn't detect the packet designed to initiate its malicious behavior, PortReuse will not meddle with the compromised server's traffic and will automatically forward all uninteresting packets to the app that should receive them.
The backdoor malware is being dropped embedded in a .NET app designed to launch the Winnti packer shellcode, as a VB script that launches the shellcode using a .NET object, or in the form of "an executable that has the shellcode directly at the entry point."
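To make the "passive network implant" idea concrete, here is an added simulation (it is not PortReuse code, nor from ESET or the post above). It models what the post describes: a process that already owns a listening port gets a hook in front of its accept loop, peeks at the first bytes of each connection with MSG_PEEK, and only diverts the connection when those bytes match a trigger; everything else reaches the original handler untouched. The trigger value, the echo service standing in for the real application, and the "implant-active" reply are all constructed for this example; the real PortReuse magic packet is not reproduced. The practical point for defenders is that no new listening socket appears, so netstat-style inventory cannot reveal it; the process itself has to be inspected.

```python
import socket
import threading

# Constructed, hypothetical trigger for this demo only. PortReuse's real
# magic packet is not reproduced here.
MAGIC = b"\xde\xad\xbe\xef"


def legitimate_handler(conn: socket.socket) -> None:
    """Stand-in for the application that legitimately owns the port: an echo service."""
    data = conn.recv(4096)
    conn.sendall(data)


def implant_handler(conn: socket.socket) -> None:
    """Path taken only when the first bytes of a connection match MAGIC."""
    conn.recv(4096)  # consume the trigger; a real implant would parse a command here
    conn.sendall(b"implant-active")


def hooked_accept_loop(listener: socket.socket, stop: threading.Event) -> None:
    """Accept loop with the passive hook in front of the real handler."""
    listener.settimeout(0.2)  # poll so the loop can observe the stop flag
    while not stop.is_set():
        try:
            conn, _ = listener.accept()
        except socket.timeout:
            continue
        with conn:
            conn.settimeout(2.0)
            # MSG_PEEK reads without consuming, so the legitimate handler later
            # sees the stream exactly as if no hook existed. On a real network the
            # first segment may be short; a production implant would re-peek or
            # wait until len(MAGIC) bytes are available.
            peek = conn.recv(len(MAGIC), socket.MSG_PEEK)
            if peek == MAGIC:
                implant_handler(conn)
            else:
                legitimate_handler(conn)


def start_server():
    """Bind an ephemeral loopback port and run the hooked accept loop in a thread."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    stop = threading.Event()
    worker = threading.Thread(target=hooked_accept_loop, args=(listener, stop), daemon=True)
    worker.start()
    return listener.getsockname()[1], stop, worker, listener


def send_and_receive(port: int, payload: bytes) -> bytes:
    with socket.create_connection(("127.0.0.1", port), timeout=2.0) as client:
        client.sendall(payload)
        return client.recv(4096)


def demo():
    """Send one ordinary request and one trigger; return both replies."""
    port, stop, worker, listener = start_server()
    try:
        normal = send_and_receive(port, b"GET / HTTP/1.0\r\n\r\n")  # constructed sample
        triggered = send_and_receive(port, MAGIC)
    finally:
        stop.set()
        worker.join()
        listener.close()
    return normal, triggered


if __name__ == "__main__":
    normal, triggered = demo()
    print("ordinary client got:", normal)
    print("trigger client got: ", triggered)
```

Running it shows the ordinary client receiving an unmodified echo while the trigger client receives the implant's reply, both through the same socket and port. The only artefact on the box is the hook inside the listening process, which is why hunting for this class of implant means checking injected code and hooked accept/recv paths rather than listening ports.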