DarkCracks Malware Exploits Vulnerabilities in GLPI and WordPress Systems

 

A malware framework named DarkCracks has been identified by cybersecurity experts from QiAnXin. This newly discovered threat takes advantage of weaknesses in GLPI, an IT asset management system, and WordPress websites. DarkCracks has raised alarm due to its ability to remain hidden and undetected by most antivirus programs, posing a risk to users and businesses relying on these platforms.

DarkCracks operates as a highly advanced malware framework, designed to exploit vulnerable systems over a prolonged period. Instead of merely infecting devices, it uses them as Launchers to deploy additional malicious components. Attackers gain entry by targeting compromised public websites, such as school networks or transportation systems, turning them into platforms to spread malware to other unsuspecting users.

Once attackers infiltrate a server, they initiate a multi-phase attack by uploading files that execute further malicious tasks. These components are responsible for gathering sensitive data, maintaining long-term access, and keeping control of the infected systems while staying under the radar of most cybersecurity defences. The malware is designed for long-term exploitation, adapting to changes and remaining operational even when parts of it are detected and removed by security measures.

What makes DarkCracks particularly dangerous is its ability to evade detection for extended periods. Some of its elements have managed to stay hidden for over a year, avoiding detection by even the most sophisticated cybersecurity tools. Despite QiAnXin’s analysis, some core elements, includin

[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
