• Russian GRU clumsy C++ based TOR attack on Android tablets

    From Rudolph Rhein@21:1/5 to All on Thu Aug 31 23:06:29 2023
    https://therecord.media/ukraine-battlefield-tablets-malware-sandworm-gru-five-eyes-report

    Western intelligence and cybersecurity agencies published a report on Thursday highlighting a collection of hacking tools being used by Russia's military intelligence service against Android devices operated by the Ukrainian Armed Forces.

    The report, published by Britain's National Cyber Security Centre (NCSC) - alongside agencies in the United States, Canada, Australia and New Zealand, who form the Five Eyes intelligence alliance - names the malware "Infamous Chisel."

    It details how the malware enables the GRU to acquire unauthorized access to compromised devices before scanning files, monitoring traffic and periodically stealing sensitive information.

    "Infamous Chisel is a collection of components which enable persistent access to an infected Android device over the Tor network, and which periodically collates and exfiltrates victim information from compromised devices," explains the report, referencing the technology that anonymizes internet traffic.

    The components making up the malware "are low to medium sophistication and appear to have been developed with little regard to defence evasion or concealment of malicious activity," according to the new report.

    They lack "basic obfuscation or stealth techniques to disguise activity" according to the NCSC, although the agency says that the hackers behind the malware may have assumed this was unnecessary as many Android devices don't have a host-based detection system.

    The report does credit the malware for two interesting techniques, including how it maintains persistence by replacing the legitimate netd system binary with a malicious version, and providing the hackers with remote access to the devices "by configuring and executing Tor with a hidden service which forwards to a modified Dropbear binary providing a SSH connection." Dropbear is legitimate open source Unix-based software for Secure Shell (SSH) servers, which encrypt network traffic.

    "These techniques require a good level of C++ knowledge to make the alterations and an awareness of Linux authentication and boot mechanisms," states the report.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
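    The persistence technique the article quotes (a legitimate system binary such as netd swapped for a malicious copy) is exactly what a file-integrity baseline catches. Below is an added example, not code from the article, the report or the thread: it records SHA-256 hashes of a set of binaries from a known-good image and later verifies the live copies against that baseline, reporting each file as ok, modified or missing. The directory layout and file contents are constructed stand-ins created in a temporary directory so the script runs offline; on a real device the baseline would be taken from the vendor firmware image and the paths would be the device's own (e.g. system/bin/netd).

```python
import hashlib
import os
import tempfile


def sha256_of(path):
    """Stream a file through SHA-256 so large binaries don't need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root, rel_paths):
    """Hash each relative path under root; this is the known-good manifest."""
    return {p: sha256_of(os.path.join(root, p)) for p in rel_paths}


def verify_baseline(root, baseline):
    """Compare the live tree against the manifest.

    Returns {relative_path: 'ok' | 'modified' | 'missing'}. A 'modified' netd
    is the signal for the replacement technique described in the report.
    """
    results = {}
    for rel, expected in baseline.items():
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            results[rel] = "missing"
        elif sha256_of(full) != expected:
            results[rel] = "modified"
        else:
            results[rel] = "ok"
    return results


def demo():
    """Constructed scenario: baseline a fake system image, then tamper with it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "system", "bin"))
        # Constructed stand-ins for real system binaries; contents are arbitrary.
        paths = ["system/bin/netd", "system/bin/sh", "system/bin/toybox"]
        for p in paths:
            with open(os.path.join(root, p), "wb") as f:
                f.write(b"GENUINE BINARY: " + p.encode())

        baseline = build_baseline(root, paths)
        clean = verify_baseline(root, baseline)
        assert all(state == "ok" for state in clean.values())

        # Simulate the replacement of netd and the removal of another binary.
        with open(os.path.join(root, "system/bin/netd"), "wb") as f:
            f.write(b"REPLACED BINARY")
        os.remove(os.path.join(root, "system/bin/sh"))

        return verify_baseline(root, baseline)


if __name__ == "__main__":
    for path, state in sorted(demo().items()):
        print(f"{state:9} {path}")
```

    The baseline must be stored off the device (or on read-only media) and compared from a trusted context; a manifest kept on the same writable partition as the binaries can be edited by the same actor who replaced them.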
  • From Jörg Lorenz@21:1/5 to All on Thu Aug 31 22:46:23 2023
    On 31.08.23 at 22:06, Rudolph Rhein wrote:
    https://therecord.media/ukraine-battlefield-tablets-malware-sandworm-gru-five-eyes-report

    Western intelligence and cybersecurity agencies published a report on Thursday highlighting a collection of hacking tools being used by Russia's

    Do we really need internet-relays? My google still works.

    --
    Alea iacta est

  • From Gunther F@21:1/5 to hugybear@gmx.net on Thu Aug 31 15:25:04 2023
    Jörg Lorenz <hugybear@gmx.net> said:

    My google still works.

    For the retarded moron you are, it's surprising you can even spell Google.
