Caller ID is Inop, Please Try Again.

Consider following on social media!

Quick note: if you’re viewing this via email, come to the site for better viewing. Enjoy!

Oh a new post, I guess I get to see what all this Scriptingthewhy nonsense is about.
Photo by Mike Jones, please support by following @pexel.com

Scammers are still going after people with the old hook, line, and sinker. Phishing emails aren't the only thing you have to be on the lookout for, or in this case, keep an ear out for.

Scammers have turned to phishing phone calls to lure potential victims into handing over most if not all of their information. We will be looking at what kind of attack this is, who has used it, how it works and what it does once it is on a phone, and some ways to keep safe when you're just trying to use the phone to call Nana.

Who are these people that keep calling me fam?
Photo by Liliana Drew, please support by following @pexel.com

The Attack

What's the latest attack on the internet, rising like gas prices and panic about the future? Look no further than what's called "vishing." This particular version has been named "LetsCall." If you've been living under a rock and have no clue, don't worry, we've got you.

Vishing is similar to email phishing: the attacker poses as someone the victim may know, or as a reputable business, in the hope that the victim lets their guard down and leaks sensitive information.

Vishing is done differently because this attack uses the phone instead of sending the victim a letter that says "I'm a prince with a lot of money and I need your account to hide it in." And before you ask, yes, people still fall for that.

Hello, it’s me. I was wondering if all these years you’d like to meet.
Photo by Tan Danh, please support by following @pexel.com

Who Can It Be Now

Since its release, a lot of threat actors have been using it, and no single person or group has made a name for themselves with it, but that doesn't mean someone won't slip up in the future.

It is believed that the group behind it consists of front-end and back-end developers, designers, and operators who specialize in voice social engineering.

This is a nice little mix of: don't let your guard down, but don't get your hopes up either.

Enjoy the read so far? Why don’t you consider subscribing so you can keep up to date?

When it comes to the world, it’s a game of chess.
Photo by Pixabay, please support by following @pexel.com

That Sinking Feeling

LetsCall has been used to target users in South Korea, but given how crafty it is, it's believed that attacks have expanded since its release to European Union countries. This is a growing concern because LetsCall comes ready to go out of the box, which means anyone who gets hold of it can use it.

It has been noted that there are three stages to this attack. The first stage, as with many phishing attempts, is a fake site created for the victim to interact with; in this case, it imitates the Google Play Store. From there the victim downloads the first piece of the application chain.

Once the application is installed and run, it intercepts the victim's phone calls to their bank and reroutes them to a call center controlled by the threat actors. In that call center, trained operators pose as bank employees with the intent of extracting sensitive bank information.

To establish the connections and get past firewalls, the threat actors make use of Voice over Internet Protocol (VoIP), a technology that places calls over the internet instead of the standard phone network, and Web Real-Time Communication (WebRTC), which lets audio and video work inside web pages through peer-to-peer connections.

So in short, once this is on your phone, the only people you will be able to reach are the call center.

When it comes to your information, operate with top secret clearance.
Photo by Caleb Oquendo, please support by following @pexel.com

The Prevention

At this point, we're assuming you don't want to make friends with people from a random call center and you're looking to protect yourself. A good first line of defense is to use multi-factor authentication (MFA) and never disclose your MFA codes, your password, or any other possibly sensitive information over the phone.

Check your caller ID before answering, since the number can often tip you off that it's a scammer, but don't rely on it alone: caller ID can be spoofed, and malware like LetsCall sits on the phone itself, so it can disguise where a rerouted call actually went. If you choose to engage with the scammers, explore how much information they are willing to give you regarding their full name, the company they're working for, and the reason for the call, and request an extension number in case the call drops. Better still, hang up and call your bank back on the number printed on your card, from a different phone if you can; if calls to your bank keep landing with the same "employee," get the phone checked.

Red-flag anyone requesting payment via prepaid or gift cards, as this is a payment method scammers use and a legitimate organization will not. Any questionable or suspicious interaction should be documented, and the authorities should be involved.

Remember, the best kept secrets are the ones no one finds out about.
Photo by Ty Huynh, please support by following @pexel.com

Made it this far and found this to be entertaining? Then a big thanks to you and please show your support by cracking a like, sharing this with whomever, scripting a comment, or plug-in to follow.

Would like to give sincere thanks to current followers and subscribers, your support and actions mean a lot and has a play in the creation of each script.

Do you feel like there is something I may have missed on LetsCall? Script a comment below.

The RedClouds Are Coming!


I TOLD YOU ALL TO READ THESE SCRIPTS AND NOW THE REDS ARE COMING! WHY DIDN'T YOU SUBSCRIBE LIKE YESTERDAY!?
Photo by Moose Photos, please support by following @pexel.com

Here we go again: with a well-known product and manufacturer comes the threat of great risk. This one is especially true if you partake in the use of Dell computers.

Information-stealing malware isn't anything new, but with the current economy and threat actors wanting your information, its use has been on the rise.

We're going to look at what kind of attack this is, who is using it, how it works and what it does once it lands, and some ways you can at least try to keep your information safeguarded from this barrage of threats.

Guys, we’re just serving up malware and trojans today. I hope you’re cool with that.
Photo by Clem Onojeghuo, please support by following @pexel.com

The Attack

The newest and hottest malware on the market looking to capture the heart of your data and forward it into the hands of someone else is called RDStealer. RDStealer does this by infecting an RDP server and watching the connections being made to it.

For those unfamiliar with RDP, the Remote Desktop Protocol is a network protocol developed by Microsoft whose purpose is to let a user operate a remote computer as if they were sitting in front of it.

There has been some confusion about RDP vs. VPN (Virtual Private Network), so to clear things up: a VPN offers access to resources on the network, such as file servers, printers, and company/organization websites, while RDP offers access to the resources of the one computer you connect to. In short, a VPN accesses the network, and RDP accesses a computer.

There’s trouble on the horizon…or on the curve depending on how you view the Earth.
Photo by Pixabay, please support by following @pexel.com

Who Can It Be Now

As of the "RedClouds" campaign, no individual or group has been named as the user of RDStealer. While running on a server, the malware checks whether a remote machine has connected over RDP with CDM (Client Drive Mapping) enabled. If the client did not enable drive mapping, the client's file system is never exposed to the server and there is nothing for the malware to read. No mapping, no go.

RDStealer can collect keystrokes and copy clipboard contents, and another dangerous thing to note is that it goes after data on both the client and the server side. On an infected machine, its files are planted in folders such as %WinDir%\System32\ and %PROGRAM-FILES%\, locations that are frequently excluded from a full-system scan.

This means these malicious files could fly under the radar during a scan. Beyond the CDM route, there are a number of initial attack vectors: RDStealer can arrive through web advertisements, email attachments, and social engineering. Moreover, like your hair, if you have any, don't let your guard down, as there will likely be more variety in the days to come.


Geez, I could never be a hacker. There’s so many things to choose from.
Photo by Craig Adderley, please support by following @pexel.com

The Sinking Feeling

Speaking of variety, it has been noted that the threat actors use a custom version of this malware which takes advantage of the drive redirection feature: it watches for RDP connections and automatically steals from the client's redirected local drives once a connection is made.

There are five modules that make up RDStealer: a keylogger, a persistence establisher, a data theft and exfiltration staging module, a clipboard content capture tool, and one controlling encryption/decryption functions, logging, and file manipulation utilities.

Out of all this, just know that it's recording every move made. The encryption functions are there for the malware's own use; it has not been reported to lock victims' files, so this is theft rather than ransomware. Once activated, the malware enters an infinite loop calling the diskMounted function, which checks the availability of drives on the tsclient network shares (\\tsclient\C and so on, the path under which a client's redirected drives appear on the server).

If the malware finds a mapped drive, it notifies the command-and-control (C2) server and begins pulling data from the RDP client's drives. This is that "roommate who is a few months behind on rent moves out and takes a couple of your belongings on the way" kind of situation.

Just be aware, things may be a tad bit different the next time you turn your computer on.

If the Reds are coming, then it’s time for some Blue team action. All about the Blues baby.
Photo by Mati Mango, please support by following @pexel.com

The Prevention

Using a remote desktop over RDP does not by itself mean you have been hit by the RedClouds campaign, which has been targeted, but it does mean that any drive you redirect into a session is readable by whoever controls the server, so it is worth checking your setup.

It is hard to catch RDStealer manually, but you can better protect your system with tighter security settings and frequent full-system scans. Since this malware hides in Dell directories, check that %WinDir%\System32 and the Dell folders under %PROGRAM-FILES% are not on your antivirus exclusion list, and exercise caution on the web. On the client side, only redirect your local drives (and clipboard) into sessions with servers you trust; on the server side, administrators can disable drive redirection outright. Use multi-factor authentication (MFA) wherever it is available, as this gives threat actors one more thing to work around. Finally, encrypt your information at rest; it won't stop a stealer that is already reading files inside your session, but it limits what a stolen disk or backup gives away. Your information may be in the cloud, but that doesn't mean RedClouds should have unauthorized access to it.
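An added example, not code from this blog or from the researchers who documented RDStealer: a small PowerShell audit that checks the settings above on a Windows host. The function names and the sample server name are my own; the fDisableCdm policy value, the \\tsclient\<letter> share path and the .rdp file settings are standard Windows Remote Desktop configuration. Run it on a server to confirm drive redirection is disabled by policy, inside an RDP session to see which of your drives the server (and any stealer on it) can currently read (the same \\tsclient probe the diskMounted loop described earlier performs), and anywhere to spot antivirus exclusions that cover the folders this malware hides in. It also writes a client .rdp file that maps no drives and no clipboard.

```powershell
# Added example (not from the blog post or the RDStealer write-up it
# summarizes): audit the RDP settings RDStealer abuses. Function names
# and the example server name are assumptions; the registry value,
# \\tsclient share path and .rdp settings are standard Windows RDP config.

function Test-DriveRedirectionDisabled {
    # Group Policy "Do not allow drive redirection" (Remote Desktop Session Host >
    # Device and Resource Redirection) writes fDisableCdm = 1 here. On a server
    # this blocks client drive mapping, so a stealer finds nothing under \\tsclient.
    $key  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    $item = Get-ItemProperty -Path $key -Name fDisableCdm -ErrorAction SilentlyContinue
    return ($null -ne $item -and $item.fDisableCdm -eq 1)
}

function Get-MappedClientDrives {
    # Run inside an RDP session. Redirected client drives appear on the server
    # as \\tsclient\<letter>; this is the probe RDStealer's diskMounted loop
    # makes before it starts copying.
    if ($env:SESSIONNAME -notlike 'RDP-*') {
        return @()   # not an RDP session, so no client drives can be mapped
    }
    $mapped = @()
    foreach ($code in 67..90) {                 # ASCII 'C'..'Z'
        $share = '\\tsclient\' + [char]$code
        if (Test-Path -LiteralPath $share) { $mapped += $share }
    }
    return $mapped
}

function Get-RiskyDefenderExclusions {
    # RDStealer parks its files in folders that are often excluded from scans.
    # Flag any Defender path exclusion that overlaps those folders.
    $watched = @("$env:windir\System32", "$env:ProgramFiles\Dell")
    $pref = Get-MpPreference -ErrorAction SilentlyContinue
    if ($null -eq $pref -or -not $pref.ExclusionPath) { return @() }
    return @($pref.ExclusionPath | Where-Object {
        $excl = $_
        @($watched | Where-Object { $excl -like "$_*" -or $_ -like "$excl*" }).Count -gt 0
    })
}

function New-HardenedRdpFile {
    # Client side: connect to a server you don't fully trust without handing it
    # your drives or clipboard. An empty drivestoredirect value maps no drives.
    param(
        [Parameter(Mandatory)] [string] $Server,
        [string] $Path = "$env:TEMP\hardened.rdp"
    )
    @(
        "full address:s:$Server",
        'drivestoredirect:s:',        # no local drives redirected
        'redirectclipboard:i:0',      # RDStealer also harvests the clipboard
        'redirectprinters:i:0'
    ) | Set-Content -Path $Path -Encoding ASCII
    return $Path
}

# Run the audit and print a short report.
Write-Host ('Drive redirection disabled by policy: ' + (Test-DriveRedirectionDisabled))

$drives    = Get-MappedClientDrives
$driveText = if ($drives) { $drives -join ', ' } else { 'none' }
Write-Host ('Client drives mapped into this session: ' + $driveText)

$excl     = Get-RiskyDefenderExclusions
$exclText = if ($excl) { $excl -join ', ' } else { 'none' }
Write-Host ('Scan exclusions covering RDStealer hiding spots: ' + $exclText)

# 'rdp.example.internal' is a placeholder; substitute the server you connect to.
Write-Host ('Hardened connection file written to: ' + (New-HardenedRdpFile -Server 'rdp.example.internal'))
```

Open the generated .rdp file with mstsc to connect with nothing redirected; if a workflow genuinely needs a drive in the session, redirect only that one drive and only to a server you control.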

Scriptingthewhy helps keep me in the know, that’s how I knew not to buy you online and from a reputable source.
Photo by Samson Katt, please support by following @pexel.com


Do you feel like there is something I may have missed on RDStealer? Script a comment below.

GoldAxe was wrong, here’s why…


Throughout the years, keep in mind, that we didn’t start the fire.
Photo by Brett Jordan, please support by following @pexel.com

Throughout the many years of us being on this planet, this rock, this existence, or whatever you would like to call it, the complexity of life hasn't lessened since the release of The Matrix. If you haven't seen the movie, check it out. It's a really good movie, it just, ugh, will have you questioning your whole existence. Like "What even am I?" Questioning life aside, you're probably wondering what new and exciting way technology is being exploited and how your information might be collected this time. With the recent push to get everyone comfortable with using AI (artificial intelligence), facial recognition has been turned around and employed in scams. We don't feel the threat as much in the great US because, well... too much violence (guns, bad; people, worse), but in a nutshell, be glad you don't live in Thailand. They have a whole different banking system set up over there.

AI is learning what you like, it’s always watching.
Photo by Pixabay, please support by following @pexel.com

The Attack

Facial recognition, what is it? In simple terms, the device uses images of your face that it captures, so when it comes time for a function to be completed, the device knows it is you and completes that task.

In complex terms, the device captures images of your face with the camera, often projecting a grid of dots onto it as reference points for different regions of your face, and stores the result. When you come back, it looks for key features in the live image that pair up with the stored data; this could be anything like a mole, a birthmark, or a beauty mark (not sure if women still use that term nowadays). Once the process is complete and everything checks out, congrats, you got in. You are The One. This whole process runs in ones and zeros in a matter of milliseconds; you may not care, but it's still nice to know. We're all nerds here, of course.

Armed with that knowledge of what a biometric is, here's the attack. Threat actors can use your likeness to get into many areas of your life, such as your bank, and pretty much anywhere that verifies you with a face scan. Alarming, we know; however, people tend to think "They won't get anything from me, they're just practicing." That might be true if you're being robbed at an ATM, but getting robbed online is a whole new and hard-to-catch ball game.

We see all your secret…purchases.
Photo by Almada Studio, please support by following @pexel.com

Who Can It Be Now

So, who would do something like this, we can hear you ask. Clearly, they're a monster, although they might live in a poor country and this might be a way for them to feed their family. Ha, guilt trip engaged; just because they're the villain in your story doesn't mean they're a villain in everyone else's. A group by the name of GoldFactory has been linked to the use of a trojan called "GoldPickaxe"; they were spotted some time ago in Thailand and possibly Vietnam. GoldPickaxe was created with the intent of collecting face profiles, identification documents, and text messages from the victim's phone. The same group's other tools were given equally great names by researchers: GoldDigger, GoldDiggerPlus, and GoldKefu.


I’m not into computers, but I want in on your wallet.
Photo by Basian Riccardi, please support by following @pexel.com

That Sinking Feeling

How does GoldPickaxe work? As mentioned earlier, GoldPickaxe infects the victim's device and begins collecting anything pertaining to facial recognition, including a video of the victim's face and photos of their ID card. With that material in hand, the threat actors can impersonate the victim to anything tied to that identity (the researchers who tracked it reported the stolen footage being fed into AI face-swapping to produce deepfakes that pass a bank's face check). This is a massive problem because, in Thailand, the banking system requires facial recognition to authorize account access and larger transactions. So, pretty much, there's no way around it: you have to use your face to move your money.

Hackers are gonna hack.
Photo by Matthew DeVires, please support by following @pexel.com

The Prevention

You don’t want someone to use your face and make a withdrawal from your account? You may be wondering how you protect yourself from something like this happening to you. Since these play on 2MFA (2 multi-factor authentication), you would have to add another level of protection from threat actors having access to your accounts. The best way to think of this is having vault door upon vault doors to protect your valuables. A setup of this would be a password, SMS message verification, email verification, and facial recognition. It may seem like a lot of work to protect what’s important but it’s better than not having anything important to protect.

If you have gold, we’ll be coming for you. That’s GoldFactory’s stand.
Photo by Dakota Edwards, please support by following @pexel.com


Do you feel like there is something I may have missed on GoldPickaxe? Script a comment below.