A recent report from Avast has revealed that a group of hackers believed to be associated with North Korea, carried out a sophisticated attack to install dangerous malware on users’ computers. This was achieved through software updates of eScan anti-virus software, which were stolen by the hackers by controlling data transmission (AitM) on the target device. The stolen updates were then converted into a backdoor malware distribution tool named GuptaMiner. When the infected update was installed by the user, GuptiMiner became active and silently worked on the computer, undetected by antivirus and other endpoint protection tools.
GuptiMiner is not a regular cryptocurrency mining tool but a dangerous backdoor malware that can analyze the environment to see if it is running in a virtual environment (sandbox), disable antivirus and other endpoint protection tools, and install additional types of malware. Moreover, the hackers installed other malware on the victim’s computer, including an improved version of the Putty Link backdoor and a sophisticated unnamed type of malware. These can steal private keys, cryptocurrency wallet information, and other sensitive data.
This attack highlights the fact that although installing an antivirus program can improve the security of your device, it is not a foolproof solution. Users need to be careful in choosing reputable software from reliable suppliers and update it regularly to safeguard their devices against potential risks.