USB worm unleashed by Russian state hackers spreads worldwide
arstechnica.com
LitterDrifter's means of self-propagation are simple. So why is it spreading so widely?
  • tsonfeirEnglish
    7312·
    10 months ago

    Once again, it’s an exploit for VB, on Windows. So, don’t use Windows and you’re fine. 😎

    • mindlightEnglish
      113·
      10 months ago

      What do you recommend that is exploit free?

      • Socsa@sh.itjust.worksEnglish
        183·
        10 months ago

        A properly educated user.

        Absent that, a properly secured thin client.

        All of my excel jockeys have about as many userspace privileges as my dog on a 737.

        • mindlightEnglish
          513·
          10 months ago

          Wow… Claiming “a properly educated user” being an exploit free solution is just… I don’t even…

          • RiikkaTheIcePrincess@kbin.social
            5·
            10 months ago

            But you “do even” think it’s sensible to demand perfect security like that’s the only valid alternative to Windows for anyone?

            “[brand] makes slow cars!” “What do you recommend that does 0-60 literally instantaneously?” “This is a reasonable question and implied suggestion and I will now proceed to thoughtfully engage with it, taken literally as stated. Here is my breakdown of companies producing physically impossible road-legal motor vehicles:”

      • tsonfeirEnglish
        11·
        10 months ago

        I’ve got some tin cans if you’ve got the string.

  • AutoTL;DR@lemmings.worldBEnglish
    81·
    10 months ago

    This is the best summary I could come up with:

    A group of Russian-state hackers known for almost exclusively targeting Ukrainian entities has branched out in recent months, either accidentally or purposely, by allowing USB-based espionage malware to infect a variety of organizations in other countries.

    “Gamaredon continues to focus on [a] wide variety [of] Ukrainian targets, but due to the nature of the USB worm, we see indications of possible infection in various countries like USA, Vietnam, Chile, Poland and Germany,” Check Point researchers reported recently.

    The image above, tracking submissions of LitterDrifter to the Alphabet-owned VirusTotal service, indicates that the Gamaredon malware may be infecting targets well outside the borders of Ukraine.

    The data suggests that the number of infections in the US, Vietnam, Chile, Poland, and Germany combined may be roughly half of those hitting organizations inside Ukraine.

    The core essence of the Spreader module lies in recursively accessing subfolders in each drive and creating LNK decoy shortcuts, alongside a hidden copy of the “trash.dll” file.

    “Comprised of two primary components—-a spreading module and a C2 module—it’s clear that LitterDrifter was designed to support a large-scale collection operation,” Check Point researchers wrote.

    The original article contains 739 words, the summary contains 185 words. Saved 75%. I’m a bot and I’m open source!