Thrangrycat


By GoldSparrow in Malware

Thrangrycat is a vulnerability in Cisco devices, uncovered in May 2019, that makes millions of devices vulnerable to attack. It can allow criminals to inject backdoor Trojans into a device, potentially allowing them to collect data or install other malware. Malware specialists strongly advise owners of Cisco devices to take steps to protect themselves from this exploit.

How the Thrangrycat Vulnerability is Used

PC security analysts uncovered the Thrangrycat vulnerability in May of 2019, and it has been labeled CVE-2019-1649. The vulnerability is present in Cisco devices that have the Trust Anchor module, which has been a part of many Cisco devices since 2013. This module is designed to ensure that each piece of hardware is unique and can be verified. However, criminals can use this vulnerability to inject bad code into a wide variety of devices, ranging from routers and switches to firewalls and PCs. One particularly worrying aspect of the Thrangrycat vulnerability is that vulnerable devices seem to be widely used in the networks of large companies and governments, so there are numerous potential high-profile targets that can become infected with malware as a result.

How the Thrangrycat Vulnerability Works

The Thrangrycat vulnerability is not the only flaw in the Trust Anchor module (TAm); this module can be affected through the FPGA bitstream and other means as well. What enables the Thrangrycat vulnerability is an improper check on the code area that manages the FPGA (Field Programmable Gate Array), which is part of how the hardware boots. When an attacker has privileges to access the victim's operating system, this vulnerability can be exploited to deliver a modified firmware image to the device. PC security researchers used the Thrangrycat flaw to carry out a sample attack, proving that this concept can be used to inject corrupted code. The Thrangrycat vulnerability can be used in conjunction with other vulnerabilities and attack vectors to gain remote access to a device and to carry out more specific attacks that can allow criminals to gain access to data or computer systems, or to execute threatening commands on the targeted device. Generally, the attacker will use the Thrangrycat vulnerability to inject a backdoor Trojan onto the victim's computer. This backdoor can then be used to install other malware or continue escalating the attack.

Protections in Place for Potential Targets of the Thrangrycat Flaw

Cisco has kept updating all devices that have been found to be susceptible to attacks leveraging the Thrangrycat flaw. The two flaws associated with the Thrangrycat vulnerability have not currently been used to carry out malware attacks and have only been demonstrated in a theoretical setting by PC security researchers. However, Cisco devices that have not been updated may be vulnerable to Thrangrycat attacks, allowing criminals to deliver malware to devices all around the world. Because of this, Cisco has claimed that it will deliver updates to all potential targets to ensure that its devices remain safe.

Protecting Your Devices from the Thrangrycat Flaw

The best protection against the Thrangrycat flaw is to ensure that all of your firmware is fully up to date. Having updated firmware and software ensures that vulnerabilities like Thrangrycat cannot be leveraged by attackers to carry out infections. This is especially critical for network administrators and firms that may be handling sensitive data, as they may be the prime targets for attacks such as Thrangrycat, which require considerable resources and knowledge to carry out. Real-time monitoring, strong security measures, and reliable security software are also paramount in preventing Thrangrycat attacks.

