Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Security Firm Discovers Secret Plan to Hack Numerous Websites and Forums
#1
[Image: security-firm-discovers-secret-plan-to-h...3186-2.jpg]

Security researchers from SurfWatch Labs have shut down a secret plan to hack and infect hundreds or possibly thousands of forums and websites hosted on the infrastructure of Invision Power Services, who are the makers of the IP.Board forum platform, now known as the IPS Community Suite.
The plan belonged to a malware coder known as AlphaLeon, who, at the start of March this year, started selling a new trojan called Thanatos.
Advertised as a MaaS (Malware-as-a-Service) rentable platform, to be attractive to its customers, Thanatos had to run on a very large number of infected hosts. In the infosec community, this structure is called a botnet, and the bigger it is, the easier it is to carry out all sorts of cyber-attacks.
AlphaLeon breached Invision Power Services servers
In order to increase the size of the Thanatos botnet, AlphaLeon needed to find a way to deliver the trojan to as many users as possible. For this, he devised a plan and later carried it out.
His idea consisted of finding and exploiting a vulnerability in the infrastructure of Invision Power Services (IPS), who offers its IPS Community Suite as a hosted platform, running on AWS (Amazon Web Services) servers.
After establishing a foothold on IPS' servers, AlphaLeon then intended to access the websites of IPS' customers and place an exploit kit on their pages. The exploit kit would automatically infect site visitors with the Thanatos trojan by leveraging vulnerabilities in the visitors (outdated) browsers and browser plugins.
IPS customers include large companies such as Evernote, the NHL, the Warner Music Group, Bethesda Softworks, and LiveNation. Besides classic IP.Board forums, IPS also allows customers to set up fully working sites, even e-commerce stores.
AlphaLeon: And I would have gotten away with it too if it weren't for those meddling kids
His plan was stopped short when SurfWatch Labs security experts got wind of his intentions while scanning the Dark Web. Researchers contacted IPS, who was unaware of the hacker's breach, discovered the entry point, and shut down his access. This incident happened at the start of April, and IPS is still in the process of investigating the breach.
According to the most recent Thanatos ads on the Dark Web, the trojan, which at the beginning of March was only a potent banking trojan, has now received new updates in the form of add-on modules.
These modules allow customers of the Thanatos botnet to launch DDoS attacks, deliver ransomware, access a victim's webcam, steal Bitcoin, send spam, or steal login credentials for various gaming platforms.
Our initial article on Thanatos also includes screenshots of the botnet's administration panel.



source
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Avast Threat Report Discovers Cybercriminals Using Common Applications mrtrout 0 897 05-20-2023 , 05:33 PM
Last Post: mrtrout
  Amnesty International links cybersecurity firm to spyware operation mrtrout 0 724 10-11-2021 , 10:02 PM
Last Post: mrtrout
  UK-based cybersecurity firm Avast in merger talks with NortonLifeLock mrtrout 0 842 07-15-2021 , 07:44 AM
Last Post: mrtrout
  Claroty discovers vulnerabilities in Ovarro TBox RTUs Bjyda 0 817 03-30-2021 , 03:55 PM
Last Post: Bjyda
  McAfee sells its enterprise cybersecurity business to private equity firm for $4B mrtrout 0 978 03-09-2021 , 04:45 AM
Last Post: mrtrout



Users browsing this thread: 1 Guest(s)