identity theft

Auto Added by WPeMatico

Hackers are targeting other hackers by infecting their tools with malware

A newly discovered malware campaign suggests that hackers have themselves become the targets of other hackers, who are infecting and repackaging popular hacking tools with malware.

Cybereason’s Amit Serper found that the attackers in this years-long campaign are taking existing hacking tools — some of which are designed to exfiltrate data from a database through to cracks and product key generators that unlock full versions of trial software — and injecting a powerful remote-access trojan. When the tools are opened, the hackers gain full access to the target’s computer.

Serper said the attackers are “baiting” other hackers by posting the repackaged tools on hacking forums.

But it’s not just a case of hackers targeting other hackers, Serper told TechCrunch. These maliciously repackaged tools are not only opening a backdoor to the hacker’s systems, but also any system that the hacker has already breached.

“If hackers are targeting you or your business and they are using these trojanized tools it means that whoever is hacking the hackers will have access to your assets as well,” Serper said.

That includes offensive security researchers working on red team engagements, he said.

Serper found that these as-yet-unknown attackers are injecting and repackaging the hacking tools with njRat, a powerful trojan, which gives the attacker full access to the target’s desktop, including files, passwords, and even access to their webcam and microphone. The trojan dates back to at least 2013 when it was used frequently against targets in the Middle East. njRat often spreads through phishing emails and infected flash drives, but more recently hackers have injected the malware on dormant or insecure websites in an effort to evade detection. In 2017, hackers used this same tactic to host malware on the website for the so-called Islamic State’s propaganda unit.

Serper found the attackers were using that same website-hacking technique to host njRat in this most recent campaign.

According to his findings, the attackers compromised several websites — unbeknownst to their owners — to host hundreds of njRat malware samples, as well as the infrastructure used by the attackers to command and control the malware. Serper said that the process of injecting the njRat trojan into the hacking tools occurs almost daily and may be automated, suggesting that the attacks are run largely without direct human interaction.

It’s unclear for what reason this campaign exists or who is behind it.

Web host Hostinger says data breach may affect 14 million customers

Hostinger said it has reset user passwords as a “precautionary measure” after it detected unauthorized access to a database containing information on millions of its customers.

The breach is said to have happened on Thursday. The company said in a blog post it received an alert that one of its servers was improperly accessed. Using an access token found on the server, which can give access to systems without needing a username or a password, the hacker gained further access to the company’s systems, including an API database. That database contained customer usernames, email addresses, and passwords scrambled with the SHA-1 algorithm, which has been deprecated in favor of stronger algorithms after researchers found SHA-1 was vulnerable to spoofing. The company has since upgraded its password hashing to the stronger SHA-2 algorithm.

Hostinger said the API database stored about 14 million customers records. The company has more than 29 million customers on its books.

The company said it was “in contact with the respective authorities.”

hostinger

An email from Hostinger explaining the data breach. (Image: supplied)

News of the breach broke overnight. According to the company’s status page, affected customers have already received an email to reset their passwords.

The company said that financial data was not compromised, nor was customer website files or data affected.

But one customer who was affected by the breach accused the company of being potentially “misleading” about the scope of the breach.

A chat log seen by TechCrunch shows a customer support representative telling the customer it was “correct” that customers’ financial data can be retrieved by the API but that the company does “not store any payment data.” Hostinger uses multiple payment processors, the representative told the customer, but did not name them.

Chief executive Balys Kriksciunas told TechCrunch that the remarks made by the customer support representative were “misleading” and denied any customer financial data was compromised. A company investigation into the breach, however, remains under way.

Updated with remarks from Hostinger.

Related stories: