DirtyMoe Worming Malware is Targeting Hundreds of Thousands of Devices Per Day

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents

Avast researchers have observed DirtyMoe malware acquiring new worm-like propagation capabilities, which allow it to extend its reach without requiring any user interaction.

According to Avast researcher Martin Chlumecky, DirtyMoe’s worming module targets older, well-known vulnerabilities, such as EternalBlue and the Hot Potato Windows privilege escalation. One worm module can generate and target hundreds of thousands of private and public IP addresses per day. Many machines still run unpatched systems or use weak passwords, leaving many victims at risk.

Cybersecurity researchers are currently observing three main techniques that spread the malware: PurpleFox EK, PurpleFox Worm, and injected installers of Telegram Messenger which serve as mediums to spread and install DirtyMoe. However, it is highly likely that the malware uses other distribution techniques as well. 

The malware also has a service that leads to the launch of two additional processes for loading modules for Monero mining and spreading malware in a worm-like manner. The worming modules target victim devices by employing multiple bugs to install the malware, with each module targeting a specific vulnerability based on inform

[…]