Windows Users Warned To Update Now As 'Complete Control' Hack Attack Confirmed

Another day, another threat for Microsoft Windows users. Earlier this month it was confirmed (https://www.forbes.com/sites/daveywinder/2019/08/11/critical-windows-10-warning-confirmed-millions-of-users-are-at-risk/) that a common design flaw within the hardware device drivers from multiple vendors, impacting users of all modern versions of Windows, could lead to system compromise. Now all users are being warned that attackers with minimal technical skill can gain complete control of a Windows system as an old remote access trojan (RAT) gets a new lease of life.

Newly released in a modified format, this cracked RAT brings yet another hack attack tool onto the dark web; and this time around it's totally free of charge.

A brief history of this cracked RAT

The NanoCore RAT has been floating around the shady world of cybercrime for many years, offering a lot of bang for the buck. Initially sold for $25 (£20) it was a cheap option in a crowded marketplace where $250 (£200) wasn't considered too expensive for a tool that could compromise a system running on the Windows OS using weaponized emails as the infection vector.

However, NanoCore really started to grab the attention of threat actors and security researchers alike when a cracked version (https://www.symantec.com/connect/blogs/nanocore-another-rat-tries-make-it-out-gutter) appeared on underground forums in February 2014 and caused a spike in detection rates amongst vendors. Within a year, the "premium plugins" that came with the full-price version of NanoCore were also added into this free-for-all mix.



The popularity of this particular RAT eventually led to the FBI arrest (https://www.bleepingcomputer.com/news/security/author-of-nanocore-rat-pleads-guilty-in-court/) of Taylor Huddleston in 2017, the NanoCore coder, who confessed (https://www.documentcloud.org/documents/3901131-Huddleston-Statement-of-Facts.html) to having "knowingly and intentionally aided and abetted unlawful computer intrusions." Huddleston was later sentenced to 33 months in prison.

As is often the case in the murky world of cybercrime where there truly is no honor amongst thieves, NanoCore continued to take on a life of its own. As well as spawning hacking tool variants including LuminosityLink RAT (https://krebsonsecurity.com/2018/07/luminositylink-rat-author-pleads-guilty/) and Surprise Ransomware (https://www.bleepingcomputer.com/news/security/surprise-ransomware-installed-via-teamviewer-and-executes-from-memory/), researchers from LMNTRX Labs have now discovered a newly modified version of the original being distributed on the dark web free of charge.



What can NanoCore v1.2.2 do?

The LMNTRX researchers reported (https://www.lmntrix.com/Lab/Lab_info.php?id=126) how the cracked NanoCore RAT is controlled through a very user-friendly interface that "lowers the barrier for entry and enables even the most amateur hackers to weaponize emails and kick off their own campaigns."

Confirming that LMNTRX Cyber Defense Centre analysts had observed "an explosion of campaigns using the malware," since it was first advertised in April, the researchers went on to detail the features of the RAT.

These include the ability to remotely shut down and restart a Windows computer, remotely browse files on the infected machine, access to and control of the Task Manager, Registry Editor and even the mouse. An attacker can also open web pages, disable the webcam activity light to be able to spy on the victim unnoticed and capture that video and audio at will. Then there's the ability to recover passwords and obtain login credentials using a keylogger. Oh, and a remotely operated "locker" with custom encryption that can act like ransomware.

What can you do to mitigate the new NanoCore threat?

Luckily, because NanoCore has been around for many years, the techniques it uses to compromise systems are already well-known. The LMNTRX team broke these down into three main categories, namely scripting, registry keys and malicious attachments. The scripting threat can be mitigated by checking Microsoft Office files for macro code as well as watching out for the "anomalous execution of legitimate scripting programs, such as PowerShell or Wscript." Monitoring the Registry for changes to run keys outside of known update and patch cycles is also recommended, along with implementing security protection that uses behavioral detection of malicious attachments.
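As an added illustration of two of the checks described above (script hosts launched by Office applications, and run-key changes outside patch cycles), the following Python example triages constructed event records. It is not code from LMNTRX or from the original article, and the event field names, process lists and patch window are assumptions.

```python
import ntpath
from datetime import datetime

# Assumed lists; tune to the environment.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe"}
RUN_KEY = r"\software\microsoft\windows\currentversion\run"  # Run and RunOnce
# Assumed maintenance window in which run-key changes are expected.
PATCH_WINDOWS = [(datetime(2019, 8, 13, 18, 0), datetime(2019, 8, 14, 6, 0))]

# Constructed sample events (hypothetical field names, not real telemetry).
EVENTS = [
    {"type": "process", "time": "2019-08-20T09:14:02",
     "parent": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "image": r"C:\Windows\System32\wscript.exe"},
    {"type": "process", "time": "2019-08-20T09:20:11",
     "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"type": "registry", "time": "2019-08-13T20:05:40",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\VendorUpdate"},
    {"type": "registry", "time": "2019-08-20T09:14:30",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"type": "registry", "time": "2019-08-20T09:15:00",
     "key": r"HKCU\Software\Example\Settings\Theme"},
]

def exe_name(path):
    """Lower-cased file name of a Windows path."""
    return ntpath.basename(path).lower()

def in_patch_window(ts):
    return any(start <= ts <= end for start, end in PATCH_WINDOWS)

def triage(events):
    """Return (time, rule, detail) tuples for events worth an analyst's look."""
    alerts = []
    for ev in events:
        ts = datetime.fromisoformat(ev["time"])
        if ev["type"] == "process":
            # An Office application starting a script host is the macro pattern.
            if exe_name(ev["parent"]) in OFFICE_PARENTS and exe_name(ev["image"]) in SCRIPT_HOSTS:
                alerts.append((ev["time"], "office-spawned-script-host", ev["image"]))
        elif ev["type"] == "registry":
            # Run-key writes are expected during patching, suspicious otherwise.
            if RUN_KEY in ev["key"].lower() and not in_patch_window(ts):
                alerts.append((ev["time"], "run-key-change-outside-patch-window", ev["key"]))
    return alerts

if __name__ == "__main__":
    for alert in triage(EVENTS):
        print(*alert, sep=" | ")
```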

More broadly, Windows users are advised to “update now,” which means ensuring that all software applications are running the latest updated versions for starters. And, despite the reported problems (https://www.forbes.com/sites/daveywinder/2019/08/17/microsoft-confirms-update-warning-for-windows-10-windows-81-and-windows-7-users/) concerning the latest Patch Tuesday update for Windows 10, 8.1 and 7 users, it is also recommended that you ensure your Windows OS is fully patched and updated.

 
