Analysts from the Cybereason GSOC team have examined a unique method that makes use of Notepad++ plugins to evade and persist against security safeguards on a computer.
This report, called Threat Analysis, is a part of a series titled “Purple Team Series” which analyzes current attack methods, how hackers use them, and how to spot when they are being utilized.
Threat Analysis Reports are published by the Cybereason Global Security Operations Center (GSOC) Team to provide information on emerging threats. These risks are examined in the Threat Analysis Reports, which also offer useful advice for defending against them.
Plugins are merely modules that are created specifically using programming languages like C# or installed from the community-maintained approved list. The %PROGRAMFILES%Notepad++plugins directory is where these plugins are kept.
Threat Analysis
The organization stated in an advisory on Wednesday that a security researcher going by the moniker of RastaMouse successfully showed how to create a malicious plugin that can be used as a persistence mechanism using the open-source project Notepad++ Plugin Pack.
The plugin bundle alone is essentially a Visual Studio.NET package that offers a simple framework for creating plugins. However, advanced persistent threat (APT) organizations have in the past used Notepad++ plugins for evil.
According to the Cybereason advice, “The A
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: