While the standard Cyber Security suite gets the job done, the Pro edition takes it to the next level. It’s well-equipped to deal with anything ranging from common viruses to elaborate and extremely dangerous attacks. Using the award-winning ESET solutions, this software is able to provide high-quality protection no matter what threat finds its way onto your device. If you don’t want to leave this risk in your life, use ESET Cyber Security Pro for Mac. Malware, viruses, ransomware, spyware, hackers, and scams are all around us, waiting for the perfect opportunity to slip by and harm your device or breach your privacy. ![]() This couldn’t be farther from the truth.Įven macOS operating systems are vulnerable to the dangers of our online world. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.Many Mac users believe their device is safe from malicious threats and attackers thanks to Apple’s integrated protection mechanisms. US-CERT and the FBI call this group HIDDEN COBRA.įor more technical information about WinorDLL64, check out the blog post “ WinorDLL64: A backdoor from the vast Lazarus arsenal?” on WeLiveSecurity. Researchers from AhnLab confirmed South Korean victims of Wslink in their telemetry, which is a relevant indicator, considering the traditional Lazarus targets and that ESET Research observed only a few detections.Īctive since at least 2009, this infamous North Korea-aligned group is responsible for high-profile incidents such as the Sony Pictures Entertainment hack, the tens-of-millions-of-dollars cyberheists in 2016, the WannaCryptor (aka WannaCry) outbreak in 2017, and a long history of disruptive attacks against South Korean public and critical infrastructure since at least 2011. ESET telemetry has seen only a few detections of the Wslink loader in Central Europe, North America, and the Middle East. The initially unknown Wslink payload was uploaded to VirusTotal from South Korea shortly after the publication of an ESET Research blog post on the Wslink loader. WinorDLL64 contains overlaps in both behavior and code with several Lazarus samples, which indicates that it might be a tool from the vast arsenal of this North Korea-aligned APT group. The Wslink loader listens on a port specified in the configuration and can serve additional connecting clients, and even load various payloads,” he adds. “The Wslink payload can be leveraged later for lateral movement, due to its specific interest in network sessions. As the wording suggests, a loader serves as a tool to load a payload, or the actual malware, onto the already compromised system,” explains Vladislav Hrčka, the ESET researcher who made the discovery. “Wslink, which has the filename WinorLoaderDLL64.dll, is a loader for Windows binaries that, unlike other such loaders, runs as a server and executes received modules in memory. ![]() ![]() Wslink’s payload can exfiltrate, overwrite, and remove files, execute commands, and obtain extensive information about the underlying system. The targeted region, and overlap in behavior and code, suggest the tool is used by the infamous North Korea-aligned APT group Lazarus. BRATISLAVA, MONTREAL - FebruESET researchers have discovered the WinorDLL64 backdoor, one of the payloads of the Wslink downloader.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |