* . *
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Thursday, July 10, 2025
Earth-News
  • Home
  • Business
  • Entertainment
    Immersive sports and entertainment venue Cosm set to build its 5th location in Cleveland – WKYC

    Cosm Reveals Exciting Vision for Its 5th Immersive Sports and Entertainment Venue in Cleveland

    Monumental Sports & Entertainment’s Samantha Brady on the Power of the RSN’s Direct-to-Consumer Streaming Service Monumental+ – Sports Video Group

    Samantha Brady Reveals How Monumental+ is Transforming Sports Streaming with Direct-to-Consumer Access

    Moses Singer Welcomes Entertainment and Intellectual Property Partner Frederick Bimbler – Yahoo Finance

    Moses Singer Expands Team with New Entertainment and Intellectual Property Partner Frederick Bimbler

    Longhua District and Max-Matching Entertainments, supported by RWS Global forge strategic partnership to develop international IP-themed entertainment complex – Amusement Today

    Longhua District and Max-Matching Entertainments, supported by RWS Global forge strategic partnership to develop international IP-themed entertainment complex – Amusement Today

    Government whip to withdraw Entertainment Complex Bill on July 9 – Nation Thailand

    Government whip to withdraw Entertainment Complex Bill on July 9 – Nation Thailand

    Magicians and Battlebots light up Las Vegas entertainment scene – KSNV

    Magicians and Battlebots Take Las Vegas Entertainment by Storm

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    SMPTE Opens Early Bird Registration for Media Technology Summit – TVTechnology

    SMPTE Launches Early Bird Registration for Exciting Media Technology Summit

    Google Fiber puts Nokia network slicing technology to the test – Fierce Network

    Google Fiber Puts Nokia’s Network Slicing Technology to the Ultimate Test

    Kaseya Extends Community Investment with Addition of Technology Marketing Toolkit – Kaseya

    Kaseya Extends Community Investment with Addition of Technology Marketing Toolkit – Kaseya

    AI and the Trust Revolution: How Technology Is Transforming Human Connections – Foreign Affairs

    AI and the Trust Revolution: How Technology Is Transforming Human Connections – Foreign Affairs

    Technology And Construction Names Join Top Stock Lists: Check Out Additions To IBD 50, Big Cap 20 And More – Investor’s Business Daily

    Technology and Construction Leaders Surge Into Top Stock Rankings: See the Latest Additions to IBD 50, Big Cap 20, and More

    Column: Teach kupuna new technology skills – Honolulu Star-Advertiser

    Empowering Kupuna: Unlocking New Technology Skills for a Connected Future

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
  • Home
  • Business
  • Entertainment
    Immersive sports and entertainment venue Cosm set to build its 5th location in Cleveland – WKYC

    Cosm Reveals Exciting Vision for Its 5th Immersive Sports and Entertainment Venue in Cleveland

    Monumental Sports & Entertainment’s Samantha Brady on the Power of the RSN’s Direct-to-Consumer Streaming Service Monumental+ – Sports Video Group

    Samantha Brady Reveals How Monumental+ is Transforming Sports Streaming with Direct-to-Consumer Access

    Moses Singer Welcomes Entertainment and Intellectual Property Partner Frederick Bimbler – Yahoo Finance

    Moses Singer Expands Team with New Entertainment and Intellectual Property Partner Frederick Bimbler

    Longhua District and Max-Matching Entertainments, supported by RWS Global forge strategic partnership to develop international IP-themed entertainment complex – Amusement Today

    Longhua District and Max-Matching Entertainments, supported by RWS Global forge strategic partnership to develop international IP-themed entertainment complex – Amusement Today

    Government whip to withdraw Entertainment Complex Bill on July 9 – Nation Thailand

    Government whip to withdraw Entertainment Complex Bill on July 9 – Nation Thailand

    Magicians and Battlebots light up Las Vegas entertainment scene – KSNV

    Magicians and Battlebots Take Las Vegas Entertainment by Storm

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    SMPTE Opens Early Bird Registration for Media Technology Summit – TVTechnology

    SMPTE Launches Early Bird Registration for Exciting Media Technology Summit

    Google Fiber puts Nokia network slicing technology to the test – Fierce Network

    Google Fiber Puts Nokia’s Network Slicing Technology to the Ultimate Test

    Kaseya Extends Community Investment with Addition of Technology Marketing Toolkit – Kaseya

    Kaseya Extends Community Investment with Addition of Technology Marketing Toolkit – Kaseya

    AI and the Trust Revolution: How Technology Is Transforming Human Connections – Foreign Affairs

    AI and the Trust Revolution: How Technology Is Transforming Human Connections – Foreign Affairs

    Technology And Construction Names Join Top Stock Lists: Check Out Additions To IBD 50, Big Cap 20 And More – Investor’s Business Daily

    Technology and Construction Leaders Surge Into Top Stock Rankings: See the Latest Additions to IBD 50, Big Cap 20, and More

    Column: Teach kupuna new technology skills – Honolulu Star-Advertiser

    Empowering Kupuna: Unlocking New Technology Skills for a Connected Future

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
Earth-News
No Result
View All Result
Home Technology

That PowerShell ‘fix’ for your root cert ‘problem’ is a malware loader in disguise

June 19, 2024
in Technology
That PowerShell ‘fix’ for your root cert ‘problem’ is a malware loader in disguise
Share on FacebookShare on Twitter

Crafty criminals are targeting thousands of orgs around the world in social-engineering attacks that use phony error messages to trick users into running malicious PowerShell scripts. 

This latest Windows malware distribution campaign uses fake Google Chrome, Microsoft Word, and OneDrive error messages that look kinda like real warnings. After visiting a legit but compromised website, victims see some kind of pop-up text box in their browser telling them something went wrong – it’s an old but highly effective trick. One worth knowing, we reckon, so that you can help stop colleagues and others falling for it.

Marks are then instructed to click on a “fix” button, and then paste the displayed code into a PowerShell terminal or Windows Run dialog box. This allows PowerShell to run another remote script that downloads and runs the malware on the victim’s PC.

Proofpoint malware hunters have spotted at least two criminal gangs using this technique to infect people’s machines. At least one of the gangs is very likely using it to spread ransomware, we’re told.

“Although the attack chain requires significant user interaction to be successful, the social engineering is clever enough to present someone with what looks like a real problem and solution simultaneously, which may prompt a user to take action without considering the risk,” said Tommy Madjar, Dusty Miller, and Selena Larson in a report out this week.

Proofpoint says it spotted a crew dubbed TA571 using this particular PowerShell-powered technique as early as March 1, and the gang behind the ClearFake malware campaign using it since early April. Both were still active in early June, and a third campaign, dubbed ClearFix, has also been testing it out since at least May.

In these attacks, users visit a compromised website that loads a malicious script “hosted on the blockchain via Binance’s Smart Chain contracts,” the report states — this is apparently called EtherHiding — which then loads a fake warning box in the browser prompting the victim to install a “root certificate” to fix some fictitious problem.

The message includes instructions to copy a PowerShell script and then run it manually on the machine. This script flushes the DNS cache, removes the clipboard’s contents, displays a decoy message to the user, and then downloads and runs a remote PowerShell script. 

This remote script performs a series of Windows Management Instrumentation checks and then drops in Lumma Stealer malware, which downloads three payloads:

In some cases the Amadey malware downloads others, including a Go-based malware that the threat hunters say they believe to be the JaskaGo software nasty, which can be configured for both Windows and macOS machines.

“This means that in total, five distinct malware families could be executed just by running the one initial PowerShell script,” they wrote.

Click-no-fix

The ClearFix campaign used a similar strategy. For this one, the attackers used a compromised website with an injection that leads to an iframe overlay. This one displays as a Google Chrome error message that also tells users to open “Windows PowerShell (Admin)” and then paste the sneaky code, eventually leading to the Vidar Stealer being downloaded and executed.

Malware crooks find an in with fake browser updates, in case real ones weren’t bad enough

That didn’t take long: Replacement for SORBS spam blacklist arises … sort of

VMware by Broadcom warns of two critical vCenter flaws, plus a nasty sudo bug

Cops cuff 22-year-old Brit suspected of being Scattered Spider leader

The third campaign, which Proofpoint attributed to TA571, a crew known for the mass spamming of its targets, sent out more than 100,000 phishing emails to thousands of organizations across the globe.

In this one, criminals send emails containing a malicious HTML attachment disguised as a Microsoft Word page. It also shows an error message cautioning that the “Word Online extension is not installed,” and then gives them two options: “How to fix” and “Auto-fix.”

Clicking “How to fix” copies a Base64-encoded PowerShell command to the computer’s clipboard with a message instructing the user to open PowerShell and right-click the console. 

Meanwhile, the “Auto-fix button” uses the search-ms protocol to show a WebDAV-hosted “fix.msi” or “fix.vbs” file.

The MSI file, when executed, installs Matanbuchus, another malware loader, while the VBS file downloads and run the DarkGate attack code.

“Proofpoint assesses with high confidence that TA571 infections can lead to ransomware,” the researchers said, noting that this crew is continually modifying its email lures and attack chains.

The security shop also includes examples of indicators of compromise, and advises organizations train employees to spot and report suspicious activity — especially for this type of social engineering attack. ®

>>> Read full article>>>
Copyright for syndicated content belongs to the linked Source : The Register – https://go.theregister.com/feed/www.theregister.com/2024/06/19/powershell_fix_malware/

Tags: ‘FixPowerShelltechnology
Previous Post

Prion Disease Is Spreading in Deer. Here’s What We Know About the Risk to Humans

Next Post

Supermicro plans to flood market with liquid-cooled datacenter tech

The nation’s cartoonists on the week in politics – Politico

The Nation’s Top Cartoonists Capture This Week’s Political Drama

July 10, 2025
SMPTE Opens Early Bird Registration for Media Technology Summit – TVTechnology

SMPTE Launches Early Bird Registration for Exciting Media Technology Summit

July 10, 2025
Barstool Sports announces roster for Internet Invitational at Big Cedar Lodge – Springfield News-Leader

Barstool Sports announces roster for Internet Invitational at Big Cedar Lodge – Springfield News-Leader

July 10, 2025
Embedding information flows within ecological networks – Nature

Discovering the Hidden Dynamics of Information Flow in Ecological Networks

July 10, 2025
Mass layoffs can move forward, with devastating impacts for conservation and science – High Country News

Mass layoffs can move forward, with devastating impacts for conservation and science – High Country News

July 10, 2025
The Boar War: Michigan accused of harassing pig farmers using faulty science – Michigan Capitol Confidential

The Boar War: Michigan accused of harassing pig farmers using faulty science – Michigan Capitol Confidential

July 10, 2025
I took my daughter to meet my girlfriend — and what she found changed everything – VegOut

I took my daughter to meet my girlfriend — and what she found changed everything – VegOut

July 9, 2025
See photos of FIFA Club World Cup semifinal: PSG defeats Real Madrid at MetLife Stadium – Bergen Record

PSG Clinches Exciting Victory Over Real Madrid in FIFA Club World Cup Semifinal – Stunning Photos Inside!

July 9, 2025
The Economic Consequences of the Big Odious Bill – The New Yorker

The Economic Consequences of the Big Odious Bill – The New Yorker

July 9, 2025
Immersive sports and entertainment venue Cosm set to build its 5th location in Cleveland – WKYC

Cosm Reveals Exciting Vision for Its 5th Immersive Sports and Entertainment Venue in Cleveland

July 9, 2025

Categories

Archives

July 2025
MTWTFSS
 123456
78910111213
14151617181920
21222324252627
28293031 
« Jun    
Earth-News.info

The Earth News is an independent English-language daily published Website from all around the World News

Browse by Category

  • Business (20,132)
  • Ecology (713)
  • Economy (737)
  • Entertainment (21,626)
  • General (15,807)
  • Health (9,774)
  • Lifestyle (743)
  • News (22,149)
  • People (738)
  • Politics (747)
  • Science (15,954)
  • Sports (21,236)
  • Technology (15,722)
  • World (719)

Recent News

The nation’s cartoonists on the week in politics – Politico

The Nation’s Top Cartoonists Capture This Week’s Political Drama

July 10, 2025
SMPTE Opens Early Bird Registration for Media Technology Summit – TVTechnology

SMPTE Launches Early Bird Registration for Exciting Media Technology Summit

July 10, 2025
  • About
  • Advertise
  • Privacy & Policy
  • Contact

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

Go to mobile version