By GoldSparrow in Trojans

The Asnarök malware is a new threat that targets cybersecurity products. This is a rather unusual approach, but some cybercriminals are more creative than others. The goal of the Asnarök Trojan is to gather information about its targets by exploiting vulnerabilities in anti-malware programs. The cyber crooks behind the Asnarök malware target both hardware and software products from the security vendor Sophos. It appears that the attackers are using a vulnerability in a certain firewall that allows them to carry out their malicious operations.

First, the cybercriminals responsible for the Asnarök Trojan scan the Web for firewall services that are accessible at the moment. Next, the perpetrators use a zero-day RCE (Remote Code Execution) vulnerability, which enables them to execute code remotely and perform specific actions on the infected system. Thanks to this, they are able to download a series of shell scripts that, when unpacked, form the final payload of the Asnarök Trojan. The shell scripts in question are used to build the malware installer module. As soon as the Asnarök malware is planted successfully on the targeted system, the threat gains persistence by altering the settings of the firewall. This ensures that the Asnarök Trojan runs whenever the compromised host is rebooted. Once persistence is established, the threat proceeds with the attack by collecting firewall login credentials, which are then transferred to the attackers' C&C (Command & Control) server.

The security vendor in question has already taken the necessary measures to patch this vulnerability and protect its customers. This goes to show that cyber crooks do not spare anyone, from regular users to legitimate cybersecurity vendors. It is advisable to protect your computer and your data by investing in a reputable anti-virus software suite.

