North Korean Hackers Hijack Antivirus Updates for Malware Delivery

April 24, 2024 at 11:15AM

North Korean threat actor Kimsuky exploited eScan antivirus’s update mechanism in a malware operation known as GuptiMiner. This involved a man-in-the-middle attack to deliver a malicious payload, enabling the deployment of backdoors and cryptocurrency miners in corporate networks. Despite eScan’s efforts to address the issue, new GuptiMiner infections persist. In …

eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners

April 24, 2024 at 03:51AM

A new malware campaign, called GuptiMiner, is using the eScan antivirus software’s updating mechanism to distribute backdoors and cryptocurrency miners, targeting large corporate networks. The campaign is linked to the North Korean hacking group Kimsuky. The malware uses sophisticated techniques and has evaded detection for at least five years. The …

Hackers hijack antivirus updates to drop GuptiMiner malware

April 23, 2024 at 10:59AM

North Korean hackers have exploited the eScan antivirus updating mechanism to plant backdoors on corporate networks. Using malware named GuptiMiner, they perform DNS requests, extract payloads, and exploit system-level privileges via eScan updates. The hackers have deployed various malware tools, including backdoors and a cryptocurrency miner. Avast researchers identified and …