Dark Utilities, an emerging "C2-as-a-Service", is increasingly favored by attackers


A nascent service called Dark Utilities has already attracted 3,000 users for its ability to provide command-and-control (C2) services with the goal of commandeering compromised systems.


“It is marketed as a means to enable remote access, command execution, distributed denial-of-service (DDoS) attacks and cryptocurrency mining operations on infected systems,” Cisco Talos said in a report shared with The Hacker News.


Dark Utilities, which emerged in early 2022, is advertised as a “C2-as-a-Service” (C2aaS), offering access to infrastructure hosted on the clearnet as well as the TOR network and associated payloads with support for Windows, Linux, and Python-based implementations for a mere €9.99.


Authenticated users on the platform are presented with a dashboard that makes it possible to generate new payloads tailored to a specific operating system that can then be deployed and executed on victim hosts.


Additionally, users are provided an administrative panel to run commands on the machines under their control upon establishing an active C2 channel, effectively granting the attacker full access to the systems.


The idea is to enable threat actors to target multiple architectures without requiring significant development efforts. Also extended to its customers are technical support and assistance through Discord and Telegram.


“Given the relatively low cost compared to the amount of functionality the platform offers, it is likely attractive to adversaries attempting to compromise systems without requiring them to create their own C2 implementation within their malware payloads,” the researchers noted.



To add fuel to the fire, the malware artifacts are hosted within the decentralized InterPlanetary File System (IPFS) solution, making them resilient to content moderation or law enforcement intervention in a manner similar to “bulletproof hosting.”


“IPFS is currently being abused by a variety of threat actors who are using it to host malicious contents as part of phishing and malware distribution campaigns,” Talos researcher Edmund Brumaghin told The Hacker News.


“[The IPFS gateway] enables computers on the internet to access contents hosted within the IPFS network without the requirement for a client software installation, similar to how Tor2Web gateways provide that functionality for content hosted within the Tor network.”

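As an added defender-side example (not code from the Talos report or from Dark Utilities), the following scans constructed web proxy log lines for fetches through IPFS gateways of the kind described above, in both the path style (`https://<gateway>/ipfs/<cid>/...`) and the subdomain style (`https://<cid>.ipfs.<gateway>/...`), keeping only entries whose identifier is a well-formed CID. The log format, gateway hostnames and CIDs are assumptions constructed for this example.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# CIDv0 is "Qm" plus 44 base58 chars; a base32 CIDv1 starts with "b" and is usually 59 chars.
CID_RE = re.compile(r"(?:Qm[1-9A-HJ-NP-Za-km-z]{44}|b[a-z2-7]{58,})")
# Path-style gateway URL (https://<gateway>/ipfs/<cid>/...) and subdomain-style (https://<cid>.ipfs.<gateway>/...)
PATH_GW_RE = re.compile(r"https?://([^/\s]+)/(ipfs|ipns)/([^/\s?#]+)")
SUBDOMAIN_GW_RE = re.compile(r"https?://([^./\s]+)\.(ipfs|ipns)\.([^/\s]+)")

@dataclass
class IpfsHit:
    client: str
    gateway: str
    scheme: str  # "ipfs" (content-addressed) or "ipns" (mutable name)
    ident: str   # CID for ipfs, DNS name or key for ipns

def find_ipfs_gateway_hit(line: str) -> Optional[IpfsHit]:
    """Parse one line in the constructed format '<ts> <client_ip> <method> <url> <status>'."""
    parts = line.split()
    if len(parts) < 5:
        return None
    client, url = parts[1], parts[3]
    m = PATH_GW_RE.match(url)
    if m:
        gateway, scheme, ident = m.groups()
    else:
        m = SUBDOMAIN_GW_RE.match(url)
        if not m:
            return None
        ident, scheme, gateway = m.groups()
    # /ipfs/ identifiers must be well-formed CIDs; anything else is not a gateway fetch
    if scheme == "ipfs" and not CID_RE.fullmatch(ident):
        return None
    return IpfsHit(client, gateway, scheme, ident)

def scan_proxy_log(lines: Iterable[str]) -> List[IpfsHit]:
    return [h for h in (find_ipfs_gateway_hit(ln) for ln in lines) if h]

# Constructed sample log lines; gateway hosts and CIDs are made up but well-formed.
SAMPLE_LOG = [
    "2022-08-04T10:01:02Z 10.0.0.5 GET https://www.example.com/index.html 200",
    "2022-08-04T10:01:09Z 10.0.0.5 GET https://gateway.example.net/ipfs/QmAbCdEfGhJkMnPqRsTuVwXyZ123456789abcdefghijkm/payload.bin 200",
    "2022-08-04T10:02:11Z 10.0.0.7 GET https://bafybeiabcdefghijklmnopqrstuvwxyz234567abcdefghijklmnopqrst.ipfs.gw.example.org/update.exe 200",
    "2022-08-04T10:03:00Z 10.0.0.9 GET https://gateway.example.net/ipfs/notacid/file 404",
]
if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(f"{hit.client} fetched {hit.scheme}://{hit.ident} via gateway {hit.gateway}")
```

Hits from public gateways are not malicious by themselves; the value is in correlating the client, the CID and the downloaded file name with endpoint telemetry.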

Dark Utilities is believed to be the handiwork of a threat actor who goes by the moniker Inplex-sys in the cybercriminal underground space, with Talos identifying some sort of a “collaborative relationship” between Inplex-sys and one of the operators of a botnet service called Smart Bot.


“Platforms like Dark Utilities lower the barrier to entry for cybercriminals entering the threat landscape by enabling them to quickly launch attacks targeting a variety of operating systems,” the researchers said.


“They also offer multiple methods that can be used to further monetize access gained to systems in corporate environments and could lead to further deployment of malware in the environment once initial access has been obtained.”


I have three treasures that I hold and keep: the first is compassion, the second is frugality, the third is not daring to put myself ahead of the world.

From the Tao Te Ching, Chapter 67

This article is translated from:

https://thehackernews.com/2022/08/a-growing-number-of-malware-attacks.html

If reproduced, please credit the original source.

My translation skills are limited :(

Where there is ambiguity, the original text prevails :)

Source: FullHouse杂货铺
