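ConnectUnwise: Threat actors abuse ConnectWise as a builder for signed malware
Since March 2025, infections and fake applications using validly signed ConnectWise samples have increased noticeably. We reveal how signing practices allow threat actors to abuse this legitimate software to build and distribute their own signed malware, and what security vendors can do to detect them.
Source: G DATA, Malware
Based on the collected samples and their naming schemes, we observed certain patterns that are likely infection vectors.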
Fake installers
Fake video or movie clients
Fake documents
