The Products of An Indian Software Company were Compromised to Spread Data-Stealing Malware
The Products of An Indian Software Company were Compromised to Spread Data-Stealing Malware
Information-stealing malware has been distributed through trojanized installers for three distinct software products created through an Indian corporation named Conceptworld.
According to cybersecurity firm Rapid7, which identified the supply chain compromise on June 18, 2024, the installers match the versions of Notezilla, RecentX, and Copywhiz. Conceptworld has since resolved the matter within 12 hours of responsible disclosure, as of June 24.
The company stated that the installers had been trojanized to launch information-stealing malware that has the ability to acquire and execute additional payloads. It also noted that the malicious versions had a larger file size than their genuine counterparts.
In particular, the malware is capable of stealing browser credentials and cryptocurrency wallet data, logging clipboard contents and inputs, and downloading and executing additional payloads on infected Windows hosts. It also establishes persistence by executing the primary payload every three hours through a scheduled task.
The method by which the official domain “conceptworld[.]com” was compromised in order to stage the counterfeit installers is presently unknown. The user is prompted to continue with the installation procedure of the software after it is launched. Additionally, the software is intended to release and execute a binary file named “dllCrt32.exe” that is responsible for executing a batch script named “dllCrt.bat.”
Additionally, it is configured to execute an additional file (“dllBus32.exe”), which creates connections with a command-and-control (C2) server and includes the ability to take sensitive data, as well as retrieve and execute additional payloads, in addition to establishing persistence on the machine.
This involves the collection of credentials and other information from a variety of cryptocurrency wallets, such as Atomic, Coinomi, Electrum, Exodus, and Guarda, as well as Google Chrome and Mozilla Firefox. It is also capable of logging keystrokes, capturing clipboard contents, and extracting files that match a specific set of extensions (.txt,.doc,.png, and.jpg).
“The malevolent installers found in this case are unregistered and have a file size that is different from the versions of the legitimate installer,” according to Rapid7.
It is advised that users who have downloaded an installer for Notezilla, RecentX, or Copywhiz in June 2024 inspect their systems for indications of compromise and take the necessary steps to reverse the malicious modifications, such as re-imaging the affected systems.
About The Author:
Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blog, he’s also written for brands including CollegeDunia, Utsav Fashion, and NASSCOM. Naager entered the field of content in an unusual way. He began his career as an insurance sales executive, where he developed an interest in simplifying difficult concepts. He also combines this interest with a love of narrative, which makes him a good writer in the cybersecurity field. In the bottom line, he frequently writes for Craw Security.
READ MORE ARTICLE HERE
Chinese Hackers are Taking Advantage of the Zero-Day Vulnerability of CISCO Switches to Spread Malware.
Caution: A Female Professor Shocked as She Was Duped of ₹48 Lakhs in No Time
About Author
English