Threat Actors Install Backdoor via Fake Palo Alto GlobalProtect Lure

 

Malicious actors are targeting Middle Eastern firms with malware disguised as the legitimate Palo Alto GlobalProtect tool. This malware can steal data and run remote PowerShell commands to further penetrate company networks. Palo Alto GlobalProtect is a reliable security solution from Palo Alto Networks that offers secure VPN access and supports multi-factor authentication.

Businesses frequently use the tool to ensure that partners, contractors, and remote workers can securely access private network resources. The use of Palo Alto GlobalProtect as bait shows that the attackers are targeting high-value business entities that use enterprise software, rather than random users.

Trend Micro researchers have not been able to determine how the malware is delivered, but based on the bait employed, they believe the attack begins with a phishing email. The malware checks for indicators that it is running in a sandbox before executing its main code. It then sends profile information about the compromised system to the command and control (C2) server.

As an additional evasion layer, the

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
