Chinese Hackers Targeting Online Casinos with GamePlayerFramework Malware

by crpt os


An advanced persistent threat (APT) group of Chinese origin, codenamed DiceyF, has been linked to a string of attacks on online casinos in Southeast Asia that stretches back several years.

Russian cybersecurity company Kaspersky said the activity overlaps with another set of intrusions attributed to Earth Berberoka (aka GamblingPuppet) and DRBControl, citing tactical and targeting similarities as well as the abuse of secure messaging clients.

“Possibly we have a mix of espionage and [intellectual property] theft, but the true motivations remain a mystery,” researchers Kurt Baumgartner and Georgy Kucherin said in a technical write-up published this week.

The investigation began in November 2021, when Kaspersky detected multiple PlugX loaders and other payloads that had been deployed through an employee monitoring service and a security package deployment service.

The initial infection method, distributing the framework through security solution packages, allowed the threat actor "to perform cyberespionage activities with some level of stealth," the company said.

The same security package deployment service was later used to deliver what is called the GamePlayerFramework, a C# variant of a C++-based malware known as PuppetLoader.

“This ‘framework’ includes downloaders, launchers, and a set of plugins that provide remote access and steal keystrokes and clipboard data,” the researchers explained.
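The intrusion rode a deployment service the organization already trusted, so the control a defender wants is a known-good manifest of what that service is allowed to push, re-checked before each deployment run and alerted on for anything new or changed. The following is an added example written for this article, not Kaspersky's code and not DiceyF tooling; the share layout and file names are hypothetical, and the sample tree is constructed in a temporary directory so it runs offline.

```python
"""Baseline-and-diff integrity check for a software deployment share.

Added example, not from the report: hashes every file the deployment
service would push and diffs the result against an approved baseline.
"""
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List


def build_manifest(root) -> Dict[str, str]:
    """Map every file under root (relative POSIX path) to its SHA-256."""
    root = Path(root)
    manifest: Dict[str, str] = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        digest = hashlib.sha256()
        with path.open("rb") as fh:
            for chunk in iter(lambda: fh.read(1 << 20), b""):
                digest.update(chunk)
        manifest[path.relative_to(root).as_posix()] = digest.hexdigest()
    return manifest


def diff_manifests(baseline: Dict[str, str],
                   current: Dict[str, str]) -> Dict[str, List[str]]:
    """Report what a deployment run would push that the baseline never approved."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(k for k in baseline.keys() & current.keys()
                          if baseline[k] != current[k]),
    }


def _write(root: Path, rel: str, data: bytes) -> None:
    target = root / rel
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_bytes(data)


def demo() -> Dict[str, List[str]]:
    """Build a known-good share, tamper with it as a loader drop would, and diff."""
    with tempfile.TemporaryDirectory() as tmp:
        share = Path(tmp)
        # Hypothetical approved contents of the deployment share.
        _write(share, "av-agent/setup.msi", b"approved installer bytes")
        _write(share, "av-agent/config.xml", b"<config/>")
        baseline = build_manifest(share)

        # Constructed tampering: an extra loader appears beside the approved
        # installer, and the installer itself is replaced.
        _write(share, "av-agent/setup.msi", b"trojanised installer bytes")
        _write(share, "av-agent/update-helper.dll", b"loader bytes")
        return diff_manifests(baseline, build_manifest(share))


if __name__ == "__main__":
    for kind, paths in demo().items():
        for p in paths:
            print(f"{kind}: {p}")
```

In practice the baseline manifest is produced on a separate host from the one that serves the share and is itself signed, otherwise an attacker who controls the deployment server can regenerate it along with the payload.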

Indications are that the DiceyF activity is a follow-on campaign to Earth Berberoka with a retooled malware toolset. The framework is maintained in two separate branches, dubbed Tifa and Yuna, which ship different modules of varying levels of sophistication.

While the Tifa branch contains a downloader and a core component, Yuna is more complex in terms of functionality, incorporating a downloader, a set of plugins, and at least 12 PuppetLoader modules. That said, both branches are believed to be actively and incrementally updated.

Regardless of the variant employed, the GamePlayerFramework, once launched, connects to a command-and-control (C2) server and transmits information about the compromised host along with the clipboard contents, after which the C2 responds with one of 15 commands that let the malware take control of the machine.

Among these commands is one that launches a plugin on the victim system; plugins can be either downloaded from the C2 server when the framework starts or retrieved on demand via an "InstallPlugin" command sent by the server.

These plugins, in turn, make it possible to steal cookies from Google Chrome and Mozilla Firefox, capture keystrokes and clipboard data, set up virtual desktop sessions, and even connect to the machine remotely over SSH.
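Cookie theft from Chrome and Firefox leaves one observable that does not depend on knowing the implant: a process that is not the browser opening the browser's on-disk cookie database. The following detection logic is an added example, not from Kaspersky's report; it runs over a few constructed Windows Security Event 4663 (object access) records in JSON form, which assumes object-access auditing is enabled on the browser profile directories. It also catches the masquerading case, a binary named like the browser but started from an unexpected directory, since the page notes the actor disguises implants as trusted software.

```python
"""Flag non-browser processes that open Chrome or Firefox cookie stores.

Added example: the events below are constructed 4663 records with the
fields a SIEM normally exposes; the user name and paths are hypothetical.
"""
import json
import ntpath
import re
from typing import Dict, List, Optional

# Cookie stores as the browsers lay them out on disk. Newer Chrome versions
# keep the SQLite cookie DB under the profile's Network\ subfolder, older
# ones directly in the profile; Firefox uses cookies.sqlite per profile.
COOKIE_STORE_RE = re.compile(
    r"(\\Google\\Chrome\\User Data\\[^\\]+\\(Network\\)?Cookies$)"
    r"|(\\Mozilla\\Firefox\\Profiles\\[^\\]+\\cookies\.sqlite$)",
    re.IGNORECASE,
)

# Image names that legitimately read these files, with the directories each
# is expected to run from. chrome.exe launched from a user profile or temp
# directory is treated as masquerading.
EXPECTED_BROWSER_DIRS = {
    "chrome.exe": (r"c:\program files\google\chrome\application",
                   r"c:\program files (x86)\google\chrome\application"),
    "firefox.exe": (r"c:\program files\mozilla firefox",
                    r"c:\program files (x86)\mozilla firefox"),
}

# Constructed sample log, one JSON object per line.
CONSTRUCTED_EVENTS = r"""
{"EventID": 4663, "ProcessName": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "ObjectName": "C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network\\Cookies", "AccessMask": "0x1"}
{"EventID": 4663, "ProcessName": "C:\\Users\\alice\\AppData\\Roaming\\Mango\\sync.exe", "ObjectName": "C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network\\Cookies", "AccessMask": "0x1"}
{"EventID": 4663, "ProcessName": "C:\\Users\\alice\\AppData\\Local\\Temp\\chrome.exe", "ObjectName": "C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies", "AccessMask": "0x1"}
{"EventID": 4663, "ProcessName": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "ObjectName": "C:\\Users\\alice\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\abcd1234.default-release\\cookies.sqlite", "AccessMask": "0x1"}
{"EventID": 4663, "ProcessName": "C:\\Windows\\System32\\svchost.exe", "ObjectName": "C:\\Users\\alice\\Documents\\report.docx", "AccessMask": "0x1"}
"""


def classify(event: dict) -> Optional[str]:
    """Return a finding label for one record, or None if it looks benign."""
    if event.get("EventID") != 4663:
        return None
    if COOKIE_STORE_RE.search(event.get("ObjectName", "")) is None:
        return None
    proc = event.get("ProcessName", "")
    image = ntpath.basename(proc).lower()
    image_dir = ntpath.dirname(proc).lower()
    expected = EXPECTED_BROWSER_DIRS.get(image)
    if expected is None:
        return "non_browser_process"
    if image_dir not in expected:
        return "masquerading_browser"
    return None


def find_cookie_theft(log_text: str) -> List[Dict[str, str]]:
    """Scan JSON-lines 4663 records and return the suspicious ones."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        label = classify(event)
        if label:
            findings.append({"reason": label,
                             "process": event["ProcessName"],
                             "object": event["ObjectName"]})
    return findings


if __name__ == "__main__":
    for f in find_cookie_theft(CONSTRUCTED_EVENTS):
        print(f"{f['reason']}: {f['process']} -> {f['object']}")
```

Expect noise from backup agents and legitimate EDR sensors that also read profile directories; those belong in the allowlist with their own expected paths rather than in a blanket exclusion by image name.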

Kaspersky also pointed to a malicious app that mimics the Mango Employee Account Data Synchronizer, a messenger app used at the targeted organizations, to drop the GamePlayerFramework inside the network.

“There are many interesting characteristics of DiceyF campaigns and TTPs,” the researchers said. “The group modifies their codebase over time, and develops functionality in the code throughout their intrusions.”

“To make sure that victims did not become suspicious of the disguised implants, attackers obtained information about targeted organizations (such as the floor where the organization’s IT department is located) and included it inside graphic windows displayed to victims.”
