Beware of this new Windows cyberattack. Here’s what you need to know about the Microsoft FLUX#CONSOLE Windows backdoor hacking campaign.
A new cyberattack, being tracked as FLUX#CONSOLE, exploits user concerns about tax issues to start an exploit chain that ends with a Windows management console backdoor payload. Here’s what you need to know about the attack methodology and mitigation.
are, unfortunately, not new. Putting them all together in one attack, however, is far from commonplace. Where the FLUX#CONSOLE campaign breaks relatively unusual ground, Securonix security researchers Den Luzvyk and Tim Peck said, is in “how the threat actors leverage Microsoft Common Console Document files to deploy a dual-purpose loader and dropper to deliver further malicious payloads.”

The attackers used tax-themed document lures to trick victims into downloading and running malicious payloads, and relied on the legitimate appearance of Microsoft Common Console Document files to aid detection evasion. A copied legitimate Windows process, Dism.exe, was used to sideload a malicious dynamic-link library file. Persistence was maintained through scheduled tasks, ensuring that the backdoor payload stayed active and survived system reboots once installed. Multiple layers of obfuscation were employed to complicate forensic analysis and hinder detection, including “highly obfuscated JavaScript, concealed DLL-based malware and C2 communications.”

The attack likely starts with either a phishing email link or attachment. Although the researchers were unable to obtain the original email, the nomenclature used in the filenames suggested income tax deductions and rebates as the bait. The threat actors exploited Microsoft Management Console “snap-in files,” which are ordinarily used to configure administrative tools in Windows; think Event Viewer, Task Scheduler and Device Manager, for example. “When double-clicked,” the analysis stated, “an .msc file automatically launches the MMC framework and executes the contained instructions.” This includes executing arbitrary code without explicit user consent.
The researchers said that code execution began when the user double-clicked a file called “Inside ARRVL-PAX-MNFSTPK284-23NOV.pdf.msc,” in the example they quoted, which masquerades as a PDF. This disguise was aided by the fact that “the setting for common extension visibility is disabled by default in modern versions of Windows,” the researchers said. The obfuscation also extends to avoiding antivirus detection, it would appear, with the malicious .msc file scoring only “3/62 positive detections according to VirusTotal” at the time of writing, according to the report. The FLUX#CONSOLE campaign highlights the persistent use of modern obfuscation techniques in malware development, the Securonix analysis concluded, and “serves as a reminder of…”

To mitigate the Windows backdoor threat this campaign poses, Securonix recommended that users avoid downloading files or attachments from external sources, especially if the source is unsolicited. “As .msc files were leveraged,” the researchers said, “look for unusual child processes spawning from the legitimate Windows mmc.exe process.” Securonix also strongly recommended the deployment of “robust endpoint logging capabilities to aid in PowerShell detections,” including “leveraging additional process-level logging such as Sysmon and PowerShell logging for additional log detection coverage.”
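The detection advice above (unusual children of mmc.exe, double-extension .msc lures, a copied Dism.exe running outside the system directory) can be expressed as simple triage rules over Sysmon process-creation events. This is an added example, not code from Securonix or the article; the records are constructed, and the allowlist of expected mmc.exe children is an assumption to tune per environment.

```python
import re
from pathlib import PureWindowsPath

# Constructed Sysmon Event ID 1 records reduced to the three fields the rules use.
# The first three mimic the chain the article describes; the last two are benign.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\mmc.exe", "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Windows\System32\mmc.exe" "C:\Users\u\Downloads\ARRVL-PAX-MNFSTPK284-23NOV.pdf.msc"'},
    {"Image": r"C:\Windows\System32\cmd.exe", "ParentImage": r"C:\Windows\System32\mmc.exe",
     "CommandLine": r'cmd.exe /c "C:\Users\u\AppData\Roaming\Dism.exe"'},
    {"Image": r"C:\Users\u\AppData\Roaming\Dism.exe", "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"C:\Users\u\AppData\Roaming\Dism.exe"},
    {"Image": r"C:\Windows\System32\mmc.exe", "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Windows\System32\mmc.exe" C:\Windows\System32\eventvwr.msc'},
    {"Image": r"C:\Windows\System32\Dism.exe", "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"Dism.exe /Online /Get-Features"},
]

# A document-looking extension immediately followed by .msc (e.g. "report.pdf.msc").
DOUBLE_EXT = re.compile(r"\.(?:pdf|docx?|xlsx?|txt)\.msc\b", re.IGNORECASE)
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
# Assumed allowlist: children mmc.exe may legitimately spawn; everything else is flagged.
MMC_CHILD_ALLOW = {"mmc.exe", "werfault.exe"}


def basename(path):
    return PureWindowsPath(path).name.lower()


def in_system_dir(path):
    p = path.lower()
    return any(p.startswith(d + "\\") for d in SYSTEM_DIRS)


def triage(events):
    """Return (event index, rule name) pairs for every record that trips a rule."""
    hits = []
    for i, ev in enumerate(events):
        img, parent, cmd = ev["Image"], ev["ParentImage"], ev["CommandLine"]
        if basename(parent) == "mmc.exe" and basename(img) not in MMC_CHILD_ALLOW:
            hits.append((i, "mmc_child"))            # unusual child of mmc.exe
        if DOUBLE_EXT.search(cmd):
            hits.append((i, "double_ext_msc"))       # .pdf.msc style lure
        if basename(img) == "dism.exe" and not in_system_dir(img):
            hits.append((i, "dism_outside_system32"))  # copied LOLBin used for sideloading
    return hits


if __name__ == "__main__":
    for idx, rule in triage(SAMPLE_EVENTS):
        print(f"event {idx}: {rule} -> {SAMPLE_EVENTS[idx]['CommandLine']}")
```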