Who needs fake OpenVPN? South Korean Higaisa attacks Chinese users.

Carding 4 Carders

Active since 2016, the group has dealt another blow to Internet security.

Cybersecurity researchers warn of a new wave of attacks on Chinese Internet users by the hacker group Higaisa. As it became known, the attackers created a phishing site that looks very similar to the legitimate VPN service OpenVPN and placed a malicious installer file disguised as legitimate software on it.

During the investigation, Cyble specialists found several more malicious files disguised as installers of popular Zoom and Google Meet applications.

Malicious installers used in the attacks are written in the Rust programming language and are in fact a backdoor program. Once launched, the backdoor performs a series of actions to decrypt and activate malicious shellcode, which then establishes an encrypted connection to the hackers' remote control server. Thus, attackers gain full control over the infected device.

Experts note that the methods used by hackers in these attacks are very similar to those previously used by the Higaisa group. This may indicate with a high degree of probability that this particular group is behind the new attacks.

Higaisa is a hacker group allegedly based in South Korea. Researchers have known about its activity since 2016, including the use of Gh0st and PlugX Trojans, as well as malware for mobile devices. The main targets of Higaisa are government agencies, human rights organizations, and other organizations associated with North Korea. However, hackers are not limited to North Korea alone, which is confirmed by the attack on Chinese users.

To protect yourself from such attacks, experts recommend that you be extremely careful when installing programs from the network — download software only from verified resources and be sure to check the security of the connection. It is also important to use antivirus programs, regularly update the software, and make backups of your data.

In addition, you should always use strong passwords and two-factor authentication for all your accounts to protect your data even if your device is compromised.