Windows 10: This password-stealing malware just added a new way to infect your PC

  1. Borg 386
    Posts : 21,608
    Win 7 32, Win 7 64 Pro, Win 8.1 64 Pro, Win 10 64 Education Edition
       05 Jul 2018 #1

    This password-stealing malware just added a new way to infect your PC


    A powerful form of malware which can be used to distribute threats including Trojans, ransomware and malicious cryptocurrency mining software has been updated with a new technique which has rarely been seen in the wild.
    What intrigued researchers is how Smoke Loader is now using an injection technique which hadn't been used to distribute malware until just days ago. The code injection technique is known as PROPagate and was first described as a potential means of compromise late last year.

    This technique abuses the SetWindowsSubclass function -- a process used to install or update subclass windows running on the system -- and can be used to modify the properties of windows running in the same session. This can be used to inject code and drop files while also hiding the fact it has happened, making it a useful, stealthy attack.

    It's likely that the attackers have observed publicly available posts on PROPagate in order to recreate the technique for their own malicious ends.

    Those behind this process have also added anti-analysis techniques to complicate forensics, runtime AV scanners, tracing, and debugging that any researchers may attempt to conduct on the malware.
    While there are still plenty of Smoke Loader attacks which look to deliver additional malware to compromised systems, in some cases the malware is being equipped with its own plug-ins to go straight onto performing its own malicious tasks.

    Each of these plugins is designed to steal sensitive information, specifically stored credentials or sensitive information transferred over a browser -- the likes of Firefox, Internet Explorer, Chrome, Opera, QQ Browser, Outlook, and Thunderbird can all be used to steal data.

    The malware can even be injected into applications like TeamViewer, potentially putting the credentials of others on the same network as the infected machine at risk too.

    Read more: This password-stealing malware just added a new way to infect your PC | ZDNet
    Last edited by Brink; 05 Jul 2018 at 12:01.

  2. magilla
    Posts : 1,931
    Windows 10 and windows insider
       05 Jul 2018 #1

    It’s a dangerous world we live in!


  3. Posts : 925
    Windows 10 Home x64 and Pro x86
       05 Jul 2018 #2

    This sensationalist thread omits to mention the very clear information in the link that "Distributed in spam email phishing campaigns ... Like many malware campaigns, the initial attack is conducted via a malicious Microsoft Word attachment which tricks users into allowing macros"

    There are well-established & wide-spread preventative measures to counter such attempts.

    Denis

  4.    06 Jul 2018 #3

    Yep. The best protection is good security habits by the end user. Keep your systems updated and never rely on anything too good to be true. I guess this will get patched soon...

  5.    06 Jul 2018 #4

    Try3 said:
    This sensationalist thread omits to mention the very clear information in the link that "Distributed in spam email phishing campaigns ... Like many malware campaigns, the initial attack is conducted via a malicious Microsoft Word attachment which tricks users into allowing macros"

    There are well-established & wide-spread preventative measures to counter such attempts.

    Denis
    True....

    On the other hand, the email with the MS Word attachment may come from your clients, or business associates, etc., who had been infected initially with this malware. You may even be waiting for a document from your client and opening it is the first reaction.

    This is more prevalent in the world of small to mid-size businesses, where security awareness training is minimal at best and non-existent at worst. The preventative measures do work for the known threats, but most of the time they are useless against new ones.

  6.    06 Jul 2018 #5

    I'm sure the AV companies are scrambling to enable their scanners to recognize and counter this, and I'm confident they will succeed.


  7. Posts : 925
    Windows 10 Home x64 and Pro x86
       06 Jul 2018 #6

    Cr00zng said:
    True....

    On the other hand, the email with the MS Word attachment may come from your clients, or business associates, etc., who had been infected initially with this malware. You may even be waiting for a document from your client and opening it is the first reaction.

    This is more prevalent in the world of small to mid-size businesses, where security awareness training is minimal at best and non-existent at worst. The preventative measures do work for the known threats, but most of the time they are useless against new ones.
    Yes, I know that. Please do not write posts as though everybody else was an idiot.

  8.    06 Jul 2018 #7

    Try3 said:
    Yes, I know that. Please do not write posts as though everybody else was an idiot.
    My guess is he saw your signature with the Dell computers.

  9.    06 Jul 2018 #8

    Try3 said:
    Yes, I know that. Please do not write posts as though everybody else was an idiot.
    That has not been stated as such, nor had it been my intent to imply it. Relax, it's TGIF...


 

Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.
