Malware, Network Security

Malware distributed through ISP compromise

Share
(Adobe Stock)

Malware-laced automated software updates have been deployed by Chinese cyberespionage operation StormBamboo, also known as Daggerfly, Evasive Panda, and Storm Cloud, following the compromise of an unnamed internet service provider, according to BleepingComputer.

After conducting a DNS poisoning attack against the ISP, StormBamboo leveraged vulnerable HTTP software update mechanisms without digital signature validation to facilitate the installation of MACMA and MgBot malware to Windows and macOS systems, a report from Volexity revealed. Attacks also involved the distribution of a backdoored installer through a youtube-dl dependency update from 5KPlayer requests, as well as the installation of the browser cookie and mail data exfiltrating Google Chrome extension, dubbed "ReloadText." "Volexity observed StormBamboo targeting multiple software vendors, who use insecure update workflows, using varying levels of complexity in their steps for pushing malware," said researchers, who added that the DNS poisoning had already been averted by the vendor once the ISP conducted a reboot after being informed about the intrusion.

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.