SEO Texas, Web Development, Website Designing, SEM, Internet Marketing Killeen, Central Texas
SEO, Networking, Electronic Medical Records, E - Discovery, Litigation Support, IT Consultancy
Centextech
NAVIGATION - SEARCH

Use Of Pirated Games To Spread Cryptojacking Malware

Pirated versions of popular games such as Grand Theft Auto V, NBA 2K19 and Pro Evolution Soccer 2018 attract a large number of gamers as they can download these versions free from different forums. However, there might be a hidden cost associated with these pirated versions of popular games. It has been reported that threat artists are using the cracked or pirated versions of popular games to distribute malware. This malware aims at secretly mining cryptocurrency using the infected systems.

The threat has been identified as Crackonosh and has been found to be active since June 2018. The malware wipes out the antivirus programs installed on the target system and uses the system for mining cryptocurrency.

Understanding Crackonosh

The main aim of Crackonosh is to install XMRig on the infected system. XMRig is a coin miner which is then used by the threat actors to secretly mine Monero cryptocurrency using the cracked software downloaded on the infected machine. Reports suggest that the threat actors have mined over $2 Million, or 9000 XMR in total. As of May 2021, the malware was reported to be still getting about 1000 hits a day.

Here is a brief account of how the malware operates:

Disabling Antivirus

Crackonosh caught the eyes of researchers when a large number of people reported that Avast Antivirus programs were removed from their systems. The malware has the capability to remove antivirus software and disabling security software & updates in addition to the use of other anti-analysis techniques. This makes it harder to discover, detect and remove the malware. Crackonosh can delete antivirus programs that use the command - rd <AV directory> /s /q; where <AV directory> is the default directory name that specific antivirus product uses, for example Adaware, Bitdefender, Escan, F-secure, Kaspersky, McAfee (scanner only), Norton and Panda.

Infection Chain

Here is the brief infection process:

  • The target downloads and installs the cracked or pirated software.
  • The installer runs maintenance vbs and starts the installation process using msi.
  • msi registers and runs the main malware executable serviceinstaller.exe.
  • The executable installs a file titled DLL, which extracts winlogui.exe and downloads winscomrssrv.dll and winrmsrv.exe.
  • These files are contained, decrypted and placed in the folder.

Disabling Windows Defender

The malware deletes Windows Defender and Windows Update by deleting a list of registry entries. The motive is to stop Windows Defender and turn off automatic updates. Later, it installs its own MSASCuiL.exe instead of Windows Defender, which adds a Windows Security icon to the system tray. This tricks the user and prevents him from discovering the removal of original Windows Defender.

Conclusion:

Crackonosh attack re-emphasizes on the fact ‘when you try to steal a software, chances are someone is trying to steal from you.’ Such attacks can be prevented by steering away from downloading and using pirated or cracked software. Also, stay cautious and download software from authentic developer.

Centex Technologies has a team of cyber security professionals who help clients in understanding latest cyber security threats and formulate an effective defense strategy. To know more about latest malware attacks, call Centex Technologies at (972) 375 - 9654.

Types Of Cyber Attacks

Cyber-attacks have become sophisticated and are now capable of causing long-term effects on organizations. Thus, businesses need to prepare comprehensive cybersecurity policies. The first step to drafting a cybersecurity policy is to be aware of the threats.

Here are the types of cyber-attacks that an organization is most likely to face:

  • Brute Force Attack: Under this type of attack, the attackers adopt a trial and error approach to guess the password to a system or user account. They try every possible combination of passwords or passphrases until the account is unlocked. Brute force attacks are expedited by using software or tools that can push many possible passwords in a short time. Some of the tools used by cybercriminals include Aircrack-ng, Crack, Hashcat, Hydra, etc.
    Safety Tips:
  • Use complex passwords and change them regularly
  • Set a limit on number of login attempts
  • Enable captchas
  • Employ multi-factor authentication
  • Credential Stuffing: Credential stuffing cyber-attack is based on the assumption that users tend to keep the same password across multiple accounts. Attackers use a database of compromised credentials (password breach database available on the dark web containing stolen credentials from data breaches) to gain unauthorized access to an account. The attackers use bots for automating and scaling up the attack. The hacked accounts can be used for financial theft, fraudulent transactions, misuse of stored data, etc.

Safety Tips:

  • Employ multi-step login process throughout the organization
  • Blacklist suspicious IP addresses
  • Use techniques such as device fingerprinting
  • Phishing & Spear Phishing: Phishing is one of the most common cyber-attack types. Attackers frame an email that looks legitimate with a seemingly trusted source to trick targets into providing personal details. The emails generally include matters that would require a user to act in a hurry; for example, the email may mention that the user needs to verify his details within a few minutes to avoid being charged a penalty or account suspension by his financial institution. The attackers use technical knowledge in conjunction with social engineering to design a successful phishing attack. Spear phishing is a more targeted attack where the attackers research the target to prepare a more personalized message or email.

Safety Tips:

  • Be wary of emails from unknown sources
  • Before clicking on a link, hover over it to see the destination
  • Pay close attention to email headers
  • Malware Attacks: Malware is a broad term representing attacks where malicious software is downloaded on the target device to steal, encrypt, or delete sensitive data for business or financial benefits. Majorly known forms of malware include adware, bots, ransomware, and Trojans.

Safety Tips:

  • Use a dedicated tool for adware removal
  • Install firewall and keep the system up-to-date
  • Perform frequent backup
  • Avoid downloads from unknown sources

Centex Technologies is committed to helping clients understand cyber-attacks and formulate an effective strategy to stay protected. For more information, call Centex Technologies at (972) 375 - 9654.

Jokeroo: Things To Know

Jokeroo is a type of ‘Ransomware As A Service’. So, in order to understand Jokeroo, it is first important to understand what is RaaS (Ransomware As A Service). RaaS is a mode of selling the use of ransomware to different affiliates.

The developer creates the ransomware and a payment site. The affiliates can sign up on the payment site. Once signed up, these affiliates help in distributing the ransomware to different victims. The ransom collected from the victims is then split between the developer and the affiliate.

Features Of Jokeroo RaaS:

  • In order to spread infection via Jokeroo ransomware, the developers distribute the ransomware via developers of other programs as well.
  • Jokeroo acts as a RaaS that offers membership packages to its affiliates. The services available to the affiliates depend upon the membership tier.
  • Once signed up, the affiliates gain access to dashboard of Jokeroo RaaS platform. The dashboard will show the membership level of the affiliate, list of victims, when they were infected, and if the victim has paid the ransom or not.
  • Affiliates can also look deeper to check the victim list and their IP address. The list also includes information such as Windows version and geographic location.
  • Jokeroo RaaS allows the affiliates to create their customized ransom notes.

How To Remove Jokeroo Ransomware?

If the victim has working backup of the infected files or is never going to try and recover the lost files, then the simple ways to remove Jokeroo ransomware are to:

  • Scan the computer with one or more antivirus and anti-malware programs
  • Reinstall the operating system

In case the victim needs to recover the encrypted files, victims can try to decrypt the files or use methods of file recovery.

  • Restore From Backup: If regular backups have been made on a separate device, then the victim can easily recover the files after running antivirus and antimalware scans to remove the ransomware.
  • File Recovery From Cloud Storage: Even if the encrypted files have been synced to the linked cloud storage, a number of cloud services retain the older versions of altered files for some days.
  • Recover Shadow Volume Copies: Volume Shadow Copy Service is a Windows technology that creates snapshots of the computer files on a regular basis and allows to revert any changes made on those files.

For more information on Jokeroo, call Centex Technologies at (972) 375 - 9654. 

Cybersecurity Practices For Small-Medium Size Businesses


Small-medium size businesses (SMBs) pose as an easy target to the cyber criminals. The reason behind an increased number of crimes against SMBs is that majority of cyber-attacks have an underlying motive of stealing personal data for identity theft and credit card fraud. Since SMB networks tend to be less secure, it becomes easier for the hackers to launch a breach successfully.

As there is an alarming increase in breach incidents, it has become important for SMB owners to pay more attention to cybersecurity. Some cybersecurity practices that SMBs should adopt are:

Document Your Cybersecurity Policies: It is important to document the cybersecurity policies, installed updates, analysis reports, etc. SMBs can make use of online planning guides to initiate the documentation process. Also, many portals offer online training, tips and checklists related to prevailing cybersecurity trends. This is an important step for SMBs to keep a track of their cybersecurity protocols.

Educate Your Employees: As the cyber-attacks are becoming more complex, the cybersecurity policies are also evolving. In addition to regularly updating the protocols, SMBs should define internet use guidelines and establish consequences of cybersecurity violations. The employees that have access to the network should be thoroughly educated about these updates and guidelines. They should be properly trained on security policies and ways to detect malware or infection.

Firewall: Make sure that your employees should use a firewall when accessing business network in office or at home. Firewalls act as fist line of defense against cyber-attacks targeted to access sensitive data. For an additional line of defense, SMBs should consider installing internal firewalls in addition to external firewall.

Mobile Device Security: As the BYOD culture is gaining popularity, most employees prefer using their own mobile devices to access business network and sensitive data. Since employees tend to download numerous applications or software on their mobile devices, they pose as a threat by accidentally downloading malware. A hacker can compromise the mobile device and gain access to the sensitive business data. Thus, educate your employees on the requirement to encrypt their data, install trusted security apps and password protect their devices.

Password Policies: Teach your employees to use strong passwords. You can ensure this by setting well-defined password policies for network access. Also, it is advisable for SMBs to use multi-factor authentication for granting network access to the employees and consumers. SMB owners can also lay out the policy that requires employees to change their passwords after a few months.

Data Backup: Invest in off-shore backup plans to ensure data retrieval in case of any disaster or data loss. Make it a point to back up the data at regular intervals. If possible, consider using automatic data backup settings.

 For more information about cybersecurity practices for SMBs, call Centex Technologies at (972) 375 - 9654.

Watering Hole Attack

A watering hole attack is an opportunistic cyber security attack where the attacker targets a specific group of end users, usually an organization.

What Does ‘Watering Hole Attack’ Mean?

The attack gets its name from a wildlife predatory tactic. Many predators in a forest lurk around a watering hole or an oasis to wait for their prey. As the prey comes to drink water from the oasis, the predator grabs the opportunity to attack. The cyber-attack follows a similar approach and is thus named as ‘Watering Hole Attack’.

How Is The ‘Watering Hole Attack’ Executed?

For executing the attack, hacker traps a single user to gain access to a corporation’s server. The attack is executed in a stepwise process:

  • Finding The Waterhole: The attackers begin the process by finding the waterhole. They conduct thorough research and observe their target user to find out the website that is frequently visited by him. This website acts as the waterhole.
  • Compromising The Website: Once the attackers identify the frequently visited website, they look for existing vulnerabilities in the website. They inject malicious JavaScript or HTML code in the ads or banners displayed on the website. When the end user accesses the compromised website, this code redirects him to a separate site where the malware is hosted.
  • Infecting the server: When targeted user accesses the site, a script containing the malware is automatically downloaded on the user’s system. This malware collects personal information from user’s device and sends it to the C&C server. In some cases, the malware script may allow complete access of the victim’s system to the attacker. The infection is then spread across other systems on the organization’s server.

Avoiding ‘Watering Hole Attack’

In order to increase the impact of an attack, hackers choose trusted websites for launching the infection. Also, they make use of zero-day exploits for infesting these websites. This makes it difficult for traditional tools like antivirus to detect these attacks at an early stage. Thus, employing preventive measures is the best way to keep yourself safe from Watering Hole Attacks.

  • Keep your system updated with latest software patches.
  • Configure firewalls & other network security protocols.
  • Monitor the popular websites visited by your employees to ensure that these sites are not infested with any malware.
  • Regularly monitor your organization’s websites to detect any malware at its earliest stage.
  • Use browser’s private settings and VPN services to hide your online activities.
  • Configure your security tools to keep users notified about compromised websites.
  • Educate your employees about ‘Watering Hole Attacks’ and ways to avoid them.

For more information on Watering Hole Attack, contact Centex Technologies at (972) 375 - 9654.