Connect with us
NginRAT malware masquerades as a legitimate process on Nginx servers NginRAT malware masquerades as a legitimate process on Nginx servers

Security

NginRAT malware masquerades as a legitimate process on Nginx servers

Published

on

NginRAT malware is used in server-side attacks to steal payment card data from online stores.

Online stores are attacked by remote access malware that masquerades as a legitimate process on Nginx servers. Known as NginRAT, the malware is used in server-side attacks to steal payment card data from online stores.

NginRAT has been detected on e-commerce servers in North America and Europe that have been infected with the CronRAT remote access trojan. CronRAT is malware that disguises its malicious actions by scheduling them to occur on a non-existent calendar day.

According to experts from Sansec, the new malware loading using CronRAT, although they both perform the same function – they provide remote access to a compromised system. Although very different methods are used to ensure stealth, both RATs act as a backup to preserve remote access.

Sansec was able to learn NginRAT after creating a custom build of CronRAT and observing communication with the hacker command center in China. The researchers tricked the command center into sending and running the shadow library payload as part of normal malicious communication, disguising NginRAT as “more sophisticated malware.”

“NginRAT is essentially hijacking the Nginx application to go unnoticed. To do this, NginRAT modifies the basic functionality of a Linux-based system. When a legitimate Nginx web server uses certain functions (for example, dlopen), NginRAT takes control over it, ”the experts explained.

NginRAT reaches the compromised system using CronRAT by executing a special dwn command that downloads the malicious Linux system library to the / dev / shm / php-shared folder. The library is then run using the LD_PRELOAD debug function in Linux, which is commonly used to test system libraries.

Since NginRAT is disguised as a regular Nginx process, and the code only exists in server memory, detecting it can be a problem. The malware is launched using two variables: LD_PRELOAD and LD_L1BRARY_PATH. Administrators can use the latter, a typo, to identify active malicious processes.

As Sansec pointed out, if NginRAT is detected on the server, sysadmins need to check cron jobs because this is where malware might be hiding.

Click to comment

Leave a Reply

Your email address will not be published.

Security

Nvidia lost. LHR mining protection is also hacked under Linux. This was done by NBMiner developers

Published

on

Nvidia lost LHR mining protection is also hacked under

Two days have passed since the NiceHash developers cracked the Nvidia LHR protection, as the NBMiner team also pleased their users with the same news. Only this time we are talking about software for Linux.

Nvidia lost.  LHR mining protection is also hacked under Linux.  This was done by NBMiner developers

Thus, Nvidia’s protection completely fell for both Windows and Linux. Unfortunately, both programs are closed source, so it’s not clear what mechanisms the developers used to hack.

Whether the loss of Nvidia will affect the availability and prices of video cards is still difficult to say. At the moment, the cryptocurrency market continues to fall, but sooner or later it will turn around, and gamers may again face shortages and overpriced graphics cards.

Continue Reading

Security

Xiaomi has released a profitable set of security camera and smart door locksmart door lock

Published

on

Xiaomi has released a profitable set of security camera and

Xiaomi has introduced a new kit with an outdoor video surveillance camera and a smart door lock, which includes Mi Outdoor camera and Mi Smart Door Lock 1S.

The bundle is priced at around $237, which is a great deal as these devices cost $20 more individually.

Mi Smart Door Lock 1S supports 7 unlocking methods, including fingerprint, password, temporary password, Bluetooth, HomeKit, NFC or regular key unlock. Compared to the first generation, the new lock supports both the Mijia app and Apple HomeKit.

Xiaomi has released a profitable set of security camera and

As for the rechargeable version of Xiaomi Outdoor Camera, this is Xiaomi’s first outdoor wireless camera. It has an independent design and can be installed without connecting the mains cable or power cable. It has a wide viewing angle of 130°, 1080p resolution and supports WDR technology.

In addition, the battery version of the Xiaomi Outdoor Camera offers night vision up to 7 meters and people detection function. It is IP65 rated and has a long battery life of up to 90 days.

Continue Reading

Security

“These are machines for sucking out personal data.” Prayer and mental health apps have poor security

Published

on

These are machines for sucking out personal data Prayer and

Mental health apps have worse privacy protection than most other types of apps, according to a new analysis by Mozilla. We are talking about the entire category as a whole. In addition, things are also bad for prayer applications.

“These are machines for sucking out personal data.”  Prayer and mental health apps have poor security

The vast majority of mental health and prayer apps are exceptionally creepy. They track a variety of data, share and capitalize on users’ most intimate personal thoughts and feelings, such as mood, mental state, and biometric data.

The team analyzed 32 mental health and prayer apps. Of these apps, 29 received a Privacy not included warning, indicating that the team is concerned about how the app manages user data.

These applications collect large amounts of personal data in accordance with vague privacy policies. Most applications have also been found to have poor security practices that allow users to create accounts with weak passwords. Considering how much personal information such programs can contain, this is a bad feature.

The list of the worst programs according to the specified criteria included Better Help, Youper, Woebot, Better Stop Suicide, Pray.com and Talkspace. In particular, the Woebot chatbot claims to collect information about users and shares this data for advertising purposes, and Talkspace collects transcripts of user chats.

They work like data-sucking machines with the look and feel of a mental health app. In other words: wolves in sheep’s clothing

Continue Reading

Most Popular