Solved Nasty New Malware


glasskuter

glasskuter

aka Mama Glass
Guru
VIP
Local time
11:57 AM
Posts
9,414
Location
The Lone Star State of Texas
OS
Windows 11 Pro 24H2 26100.3775

My Computers

System One System Two

  • OS
    Windows 11 Pro 24H2 26100.3775
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex 7080
    CPU
    i9-10900 10 core 20 threads
    Motherboard
    DELL 0J37VM
    Memory
    32 gb
    Graphics Card(s)
    none-Intel UHD Graphics 630
    Sound Card
    Integrated Realtek
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    1tb Solidigm m.2 nvme+256gb SKHynix m.2 nvme /External drives 512gb Samsung m.2 sata+1tb Kingston m2.nvme+ 4gb Solidigm nvme
    PSU
    500w
    Case
    MT
    Cooling
    Dell Premium
    Keyboard
    Logitech wired
    Mouse
    Logitech wireless
    Internet Speed
    so slow I'm too embarrassed to tell
    Browser
    #1 Edge #2 Firefox
    Antivirus
    Defender+MWB Premium
  • Operating System
    Windows 11 Pro 24H2 26100.3775
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex 9020
    CPU
    i7-4770
    Motherboard
    stock Dell
    Memory
    24 gb
    Graphics card(s)
    integrated
    Sound Card
    integrated
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    256 gb Toshiba BG4 M.2 NVE SSB and 1 tb hdd
    PSU
    500w
    Case
    MT
    Cooling
    Dell factory
    Mouse
    Logitech wireless
    Keyboard
    Logitech wired
    Internet Speed
    still too embarrassed to tell
    Browser
    Firefox
    Antivirus
    Defender
Pretty clever. Using an old vulnerable avast driver as well as IObitUnlockers.sys unlocker.

I do wonder if UAC being set at its highest level would prevent this attack + windows defender tamper protection. And if the default powershell protections would prevent it from running. Would a user specifically need to allow anything for it to work......

Would like to find it to test with....

This has more info which I am still reading through

www.elastic.co

Invisible miners: unveiling GHOSTENGINE’s crypto mining operations — Elastic Security Labs

Elastic Security Labs has identified REF4578, an intrusion set incorporating several malicious modules and leveraging vulnerable drivers to disable known security solutions (EDRs) for crypto mining.
www.elastic.co www.elastic.co

Microsoft created the Vulnerable Driver Blocklist to stop admins from tampering with the kernel, but they've done nothing about an admin-to-kernel exploit chain that was reported over 11 months ago. By removing the vulnerable driver requirement from EDRSandBlast via GodFault, I hope to prove that admin-to-kernel exploits can be just as dangerous as vulnerable drivers and that MSRC needs to take them seriously. Given Windows 11's goal of default security and the fact that the Vulnerable Driver Blocklist is now enabled by default, MSRC needs to reconsider its policy of indifference towards PPL and kernel exploits.
Click to expand...

Yeah.....I agree
 
Last edited:

My Computers

System One System Two

  • OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom Built
    CPU
    Ryzen 7 5700 X3D
    Motherboard
    MSI MPG B550 GAMING PLUS
    Memory
    64 GB DDR4 3600mhz Gskill Ripjaws V
    Graphics Card(s)
    RTX 4070 Super , 12GB VRAM Asus EVO Overclock
    Monitor(s) Displays
    Gigabyte M27Q (rev. 2.0) 2560 x 1440 @ 170hz HDR
    Hard Drives
    2TB Samsung nvme ssd
    2TB XPG nvme ssd
    PSU
    CORSAIR RMx SHIFT Series™ RM750x 80 PLUS Gold Fully Modular ATX Power Supply
    Case
    CORSAIR 3500X ARGB Mid-Tower ATX PC Case – Black
    Cooling
    ID-COOLING FROSTFLOW X 240 CPU Water Cooler
    Internet Speed
    900mbps DOWN, 100mbps UP
  • Operating System
    Chrome OS
    Computer type
    Laptop
    Manufacturer/Model
    HP Chromebook
    CPU
    Intel Pentium Quad Core
    Memory
    4GB LPDDR4
    Monitor(s) Displays
    14 Inch HD SVA anti glare micro edge display
    Hard Drives
    64 GB emmc
You must log in or register to reply here.

Similar threads

Interesting Article on Captchas and Malware
Replies
4
Views
505
x509
X
Chromebook Malware Questions
Replies
2
Views
594
glasskuter
glasskuter
Info-New Malware Steals Online Banking Information
2
Replies
26
Views
2K
antspants
antspants
  • Article Article
Keylogging malware protection built into Windows 10 and Windows 11
Replies
3
Views
962
Ghot
Ghot
  • Article Article
3 new ways Android keeps you and your device safe
Replies
0
Views
177
Brink
Brink

Latest Support Threads

Latest Tutorials

Back
Top Bottom