
Ghostsocks malware can avoid detection systems

The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued a joint cybersecurity advisory on the growing threat of Ghost ransomware.
A variant of this malware strain, named Ghostsocks, uses SOCKS5 proxies to bypass anti-fraud mechanisms and geographic restrictions.

First detected in 2021, this ransomware group has targeted organizations in over 70 countries, exploiting unpatched software, weak credentials and outdated security configurations to infiltrate enterprise networks.

Ghostsocks operates under a Malware-as-a-Service model and is distributed alongside the LummaC2 infostealer. The new malware variant, first advertised on Russian-language forums in October 2023, has recently expanded to English-speaking cybercriminals, offering attackers a sophisticated way to monetize compromised systems through credential abuse and residential proxy networks.

The malware's integration with Lumma enables automatic provisioning of infected systems, creating a symbiotic relationship that enhances post-exploitation capabilities. For a $150 license fee paid in Bitcoin, threat actors gain access to personal

The malware's main function is to establish SOCKS5 proxy connections, allowing attackers to route traffic through compromised devices. This masks the origin of malicious activity, letting attackers circumvent the IP-based security checks used by financial institutions and other high-value targets.
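The SOCKS5 negotiation that such proxy traffic rides on is a small, fixed-layout protocol (RFC 1928), which makes it practical to decode in a network monitor and to triage which flows deserve an analyst's attention. The following is an added example, not code from the article or from any of the vendors it cites: it decodes the SOCKS5 client greeting and request, then flags flows on which a SOCKS5 negotiation is seen. The flow record shape, the sample flows, the `approved_proxies` allow-list and the "role inversion" heuristic (the local host opens the TCP connection, yet the remote peer is the one sending SOCKS5 requests, i.e. the backconnect arrangement in which the infected host serves as an exit point) are all assumptions of this example.

```python
"""SOCKS5 handshake decoder and flow triage (RFC 1928 message layout).

Added example for a network monitor. Flow record fields are an assumption
of this example, not a format described in the article.
"""
import ipaddress
import struct

SOCKS_VERSION = 5
CMD_NAMES = {1: "CONNECT", 2: "BIND", 3: "UDP_ASSOCIATE"}
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 1, 3, 4


def parse_greeting(data: bytes):
    """Client greeting: VER | NMETHODS | METHODS[NMETHODS]. Returns the method list or None."""
    if len(data) < 2 or data[0] != SOCKS_VERSION:
        return None
    nmethods = data[1]
    if nmethods == 0 or len(data) < 2 + nmethods:
        return None
    return list(data[2:2 + nmethods])


def parse_request(data: bytes):
    """Client request: VER | CMD | RSV=0 | ATYP | DST.ADDR | DST.PORT. Returns a dict or None."""
    if len(data) < 4 or data[0] != SOCKS_VERSION or data[2] != 0:
        return None
    cmd, atyp, off = data[1], data[3], 4
    if cmd not in CMD_NAMES:
        return None
    if atyp == ATYP_IPV4:
        if len(data) < off + 4:
            return None
        host, off = str(ipaddress.IPv4Address(data[off:off + 4])), off + 4
    elif atyp == ATYP_IPV6:
        if len(data) < off + 16:
            return None
        host, off = str(ipaddress.IPv6Address(data[off:off + 16])), off + 16
    elif atyp == ATYP_DOMAIN:
        if len(data) < off + 1:
            return None
        dlen, off = data[off], off + 1
        if len(data) < off + dlen:
            return None
        host, off = data[off:off + dlen].decode("ascii", "replace"), off + dlen
    else:
        return None
    if len(data) < off + 2:  # truncated request: no port present
        return None
    (port,) = struct.unpack("!H", data[off:off + 2])
    return {"cmd": CMD_NAMES[cmd], "host": host, "port": port}


def triage_flow(flow, approved_proxies=frozenset()):
    """Return a finding dict for a flow carrying a SOCKS5 negotiation, else None.

    flow keys (assumed record shape): initiator (host that opened the TCP
    connection), responder, socks_client ("initiator" or "responder": which
    side sent the greeting), payloads (first application payloads from it).
    """
    payloads = flow["payloads"]
    methods = parse_greeting(payloads[0]) if payloads else None
    if methods is None:
        return None
    request = parse_request(payloads[1]) if len(payloads) > 1 else None
    # Normal forward-proxy use: local host speaks SOCKS5 as the client to an approved proxy.
    if flow["socks_client"] == "initiator" and flow["responder"] in approved_proxies:
        return None
    # Role inversion: the local host opened the connection, but the remote
    # peer drives the SOCKS5 session, so local egress is being lent to it.
    inverted = flow["socks_client"] == "responder"
    return {
        "initiator": flow["initiator"],
        "responder": flow["responder"],
        "severity": "high" if inverted else "medium",
        "reason": "remote peer proxies through local host" if inverted else "unapproved SOCKS5 proxy use",
        "methods": methods,
        "request": request,
    }


# Constructed sample flows (not captured traffic): an approved-proxy flow and
# a backconnect-style flow in which the remote peer sends the SOCKS5 messages.
SAMPLE_FLOWS = [
    {"initiator": "10.0.0.5", "responder": "proxy.corp.example", "socks_client": "initiator",
     "payloads": [b"\x05\x01\x00", b"\x05\x01\x00\x03\x0bexample.com\x01\xbb"]},
    {"initiator": "10.0.0.7", "responder": "203.0.113.10", "socks_client": "responder",
     "payloads": [b"\x05\x02\x00\x02", b"\x05\x01\x00\x01\xc6\x33\x64\x01\x01\xbb"]},
]


def findings_for(flows=SAMPLE_FLOWS, approved_proxies=frozenset({"proxy.corp.example"})):
    """Run triage over a list of flows and return only the findings."""
    return [f for f in (triage_flow(fl, approved_proxies) for fl in flows) if f]


if __name__ == "__main__":
    for f in findings_for():
        print(f["severity"], f["initiator"], "->", f["responder"], f["reason"], f["request"])
```

The decoded `request` field is what an analyst wants alongside the alert: it shows which destination the proxied traffic was aimed at, which is the evidence that distinguishes a host being used as an exit point from ordinary, sanctioned proxy use.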

Ghostsocks uses a relayed command-and-control (C2) infrastructure with tier 1 and tier 2 servers to obscure its communications. Attackers can exploit these tunnels to route traffic through the victims' IP addresses, bypassing geolocation filters. Researchers at the security company Infrawatch identified C2 infrastructure hosted on Vdsina (AS216071), a United Arab Emirates provider known for hosting commercial VPN and proxy services.

Beginning in 2021, Ghost actors began attacking victims whose internet-facing services were running outdated versions of software and firmware. This large-scale targeting of networks containing vulnerabilities has led to the compromise of organizations worldwide, including organizations in China.

Victims include critical infrastructure, schools and universities, healthcare, government networks, religious institutions, technology and manufacturing companies, and numerous small and medium-sized enterprises.

Sources: CISA | Cyber Security News | GBHackers | Malpedia | JDS | The DFIR Report

Image: Unsplash
