Protect Your Accounts: Infostealer Malware Highlights the Need for 2FA Activation (2024)

Research Wing

Innovation and Research

PUBLISHED ON

Apr 16, 2024

Recent Incidents:

Recent reports are revealing a significant security threat linked to a new infostealer based malware campaign known to solely target gaming accounts. This attack has affected users of Activision and other gaming websites. The sophisticated software has captured millions of login credentials, notably from the cheats and players. The officials at Activision Blizzard, an American video game holding company, are still investigating the matter and collaborating with cheated developers to minimize the impact and inform the accounts’ residents of appropriate safety measures.

Overview:

Infostealer, also known as information stealer, is a type of malware designed in the form of a Trojan virus for stealing private data from the infected system. It can have a variety of incarnations and collect user data of various types such as browser history, passwords, credit card numbers, and login details and credentials to social media, gaming platforms, bank accounts, and other websites. Bad actors use the log obtained as a result of the collection of personal records to access the victim’s financial accounts, appropriate the victim’s online identity, and perform fraudulent actions on behalf of the victim.

Modus Operandi:

Infostealer is a malicious program created to illegally obtain people's login details, like usernames and passwords. Its goal is to enable cyberattacks, sell on dark web markets, or pursue malicious aims.

This malware targets both personal devices and corporate systems. It spreads through methods like phishing emails, harmful websites, and infected public sites.

Once inside a device, Infostealer secretly gathers sensitive data like passwords, account details, and personal information. It's designed to infiltrate systems being undetected. The stolen credentials are compiled into datalogs. These logs are then sold illegally on dark web marketplaces for profit.

Analysis:

‍

Protect Your Accounts: Infostealer Malware Highlights the Need for 2FA Activation (2)

‍

Protect Your Accounts: Infostealer Malware Highlights the Need for 2FA Activation (3)

Basic properties:

MD5: 06f53d457c530635b34aef0f04c59c7d
SHA-1: 7e30c3aee2e4398ddd860d962e787e1261be38fb
SHA-256: aeecc65ac8f0f6e10e95a898b60b43bf6ba9e2c0f92161956b1725d68482721d
Vhash: 145076655d155515755az4e?z4
Authentihash: 65b5ecd5bca01a9a4bf60ea4b88727e9e0c16b502221d5565ae8113f9ad2f878
Imphash: f4a69846ab44cc1bedeea23e3b680256
Rich PE header hash: ba3da6e3c461234831bf6d4a6d8c8bff
SSDEEP: 6144:YcdXHqXTdlR/YXA6eV3E9MsnhMuO7ZStApGji*zcX8aVEKn3js7/FQAMyzSzdyBk8:YIKXd/UgGXS5U+SzdjTnE3V
TLSH:T1E1B4CF8E679653EAC472823DCC232595E364FB009267875AC25702D3EFBB3D56C29F90
File type: Win32 DLL executable windows win32 pepe dll
Magic: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
File size: 483.50 KB (495104 bytes)

Additional Hash Files:

160389696ed7f37f164f1947eda00830
229a758e232aeb49196c862655797e12
23e4ac5e7db3d5a898ea32d27e8b7661
3440cced6ec7ab38c6892a17fd368cf8
36d7da7306241979b17ca14a6c060b92
38d2264ff74123f3113f8617fabc49f6
3c5c693ba9b161fa1c1c67390ff22c96
3e0fe537124e6154233aec156652a675
4571090142554923f9a248cb9716a1ae
4e63f63074eb85e722b7795ec78aeaa3
63dd2d927adce034879b114d209b23de
642aa70b188eb7e76273130246419f1d
6ab9c636fb721e00b00098b476c49d19
71b4de8b5a1c5a973d8c23a20469d4ec
736ce04f4c8f92bda327c69bb55ed2fc
7acfddc5dfd745cc310e6919513a4158
7d96d4b8548693077f79bc18b0f9ef21
8737c4dc92bd72805b8eaf9f0ddcc696
9b9ff0d65523923a70acc5b24de1921f
9f7c1fffd565cb475bbe963aafab77ff

Indicators of Compromise:

Unusual Outbound Network Traffic: An increase in odd or questionable outbound network traffic may be a sign that infostealer malware has accessed more data.

Anomalies in Privileged User Account Activity: Unusual behavior or illegal access are two examples of irregular actions that might indicate a breach in privileged user accounts.

Suspicious Registry or System File Changes: Infostealer malware may be trying to alter system settings if there are any unexpected changes to system files, registry settings, or configurations.

Unusual DNS queries: When communicating with command and control servers or rerouting traffic, infostealer malware may produce strange DNS queries.

Unexpected System Patching: Unexpected or unauthorized system patching by unidentified parties may indicate that infostealer malware has compromised the system and is trying to hide its footprint or become persistent.

Phishing emails and social engineering attempts: It is a popular strategy employed by cybercriminals to get confidential data or implant malicious software. To avoid compromise, it is crucial to be wary of dubious communications and attempts of social engineering.

Recommendations:

Be Vigilant: In today's digital world, many cybercrimes threaten online safety, Phishing tricks, fake web pages, and bad links pose real dangers. Carefully check email sources. Examine websites closely. Use top security programs. Follow safe browsing rules. Update software often. Share safety tips. These steps reduce risks. They help keep your online presence secure.

Regular use of Anti-Virus Software to detect the threats: Antivirus tools are vital for finding and stopping cyber threats. These programs use signature detection and behavior analysis to identify known malicious code and suspicious activities. Updating virus definitions and software-patches regularly, improves their ability to detect new threats. This helps maintain system security and data integrity.

Provide security related training to the employees and common employees: One should learn Cybersecurity and the best practices in order to keep the office safe. Common workers will get lessons on spotting risks and responding well, creating an environment of caution.

Keep changing passwords: Passwords should be changed frequently for better security. Rotating passwords often makes it harder for cyber criminals to compromise and make it happen or confidential data to be stolen. This practice keeps intruders out and shields sensitive intel.

Conclusion:

To conclude, to reduce the impact and including the safety measures, further investigations and collaboration are already in the pipeline regarding the recent malicious software that takes advantage of gamers and has stated that about millions of credentials users have been compromised. To protect sensitive data, continued usage of antivirus software, use of trusted materials and password changes are the key elements. The ways to decrease risks and safely protect sensitive information are to develop improved Cybersecurity methods such as multi-factor authentication and the conduct of security audits frequently. Be safe and be vigilant.

Reference:

https://techcrunch.com/2024/03/28/activision-says-its-investigating-password-stealing-malware-targeting-game-players/
https://www.bleepingcomputer.com/news/security/activision-enable-2fa-to-secure-accounts-recently-stolen-by-malware/
https://cyber.vumetric.com/security-news/2024/03/29/activision-enable-2fa-to-secure-accounts-recently-stolen-by-malware/
https://www.virustotal.com/
https://otx.alienvault.com/

‍

PUBLISHED ON

Apr 16, 2024

Related Blogs

BGMI Relaunch10May 19, 2023

Introduction

As e-sports flourish in India, mobile gaming platforms and apps have contributed massively to this boom. The wave of online mobile gaming has led to a new recognition of esports. As we see the Sports Ministry being very proactive for e-sports and e-athletes, it is pertinent to ensure that we do not compromise our cyber security for the sake of these games. When we talk about online mobile gaming, the most common names that come to our minds are PUBG and BGMI. As news for all Indian gamers, BGMI is set to be relaunched in India after approval from the Ministry of Electronics and Information Technology.

Why was BGMI banned?

The Govt banned Battle Ground Mobile India on the pretext of being a Chinese application and the fact that all the data was hosted in China itself. This caused a cascade of compliance and user safety issues as the Data was stored outside India. Since 2020 The Indian Govt has been proactive in banning Chinese applications, which might have an adverse effect on national security and Indian citizens. Nearly 200 plus applications have been banned by the Govt, and most of them were banned due to their data hubs being in China. The issue of cross-border data flow has been a key issue in Geo-Politics, and whoever hosts the data virtually owns it as well and under the potential threat of this fact, all apps hosting their data in China were banned.

Why is BGMI coming back?

BGMI was banned for not hosting data in India, and since the ban, the Krafton Inc.-owned game has been engaging in Idnai to set up data banks and servers to have a separate gaming server for Indian players. These moves will lead to a safe gaming ecosystem and result in better adherence to the laws and policies of the land. The developers have not declared a relaunch date yet, but the game is expected to be available for download for iOS and Android users in the coming few days. The game will be back on app stores as a letter from the Ministry of Electronics and Information Technology has been issued stating that the games be allowed and made available for download on the respective app stores.

Grounds for BGMI

BGMI has to ensure that they comply with all the laws, policies and guidelines in India and have to show the same to the Ministry to get an extension on approval. The game has been permitted for only 90 days (3 Months). Hon’ble MoS Meity Rajeev Chandrashekhar stated in a tweet “This is a 3-month trial approval of #BGMI after it has complied with issues of server locations and data security etc. We will keep a close watch on other issues of User harm, Addiction etc., in the next 3 months before a final decision is taken”. This clearly shows the magnitude of the bans on Chinese apps. The ministry and the Govt will not play the soft game now, it’s all about compliance and safeguarding the user’s data.

Way Forward

This move will play a significant role in the future, not only for gaming companies but also for other online industries, to ensure compliance. This move will act as a precedent for the issue of cross-border data flow and the advantages of data localisation. It will go a long way in advocacy for the betterment of the Indian cyber ecosystem. Meity alone cannot safeguard the space completely, it is a shared responsibility of the Govt, industry and netizens.

Conclusion

The advent of online mobile gaming has taken the nation by storm, and thus, being safe and secure in this ecosystem is paramount. The provisional permission form BGMI shows the stance of the Govt and how it is following the no-tolerance policy for noncompliance with laws. The latest policies and bills, like the Digital India Act, Digital Personal Data Protection Act, etc., will go a long way in securing the interests and rights of the Indian netizen and will create a blanket of safety and prevention of issues and threats in the future.

Web Accessibility in India for Persons With Disability10December 4, 2023

The concept of web accessibility (i.e., access to the internet) stems from the recognition of internet access as an inalienable right. In 2016, the United Nations Human Rights Commission (UNHRC) General Assembly referred to the access to Internet as an essential human right. The Supreme Court of India also declared such internet access as a fundamental right under the Constitution of India. Various international instruments of which India is a signatory, such as the United Nations Convention on Rights of Persons with Disabilities (UNCRPD) mandate access to information. The heavy reliance on the internet and websites necessitates making the web space inclusive, navigational and accessible to all individuals, including persons with disabilities.

Various laws mandate web accessibility:

Right of Persons with Disability Act, 2016: The Right of Persons with Disability Act 2016 Is the primary document for the protection of the rights of persons with disabilities to ensure their full participation. The Act provides several direct and indirect provisions (such as Section 2(y) “Reasonable Accommodation”, Section 40 on “Accessibility”, and Section 42 on “Access to Information and Communication Technology”) to ensure that technology products and services are accessible to a person with disabilities.
Rights of Persons with Disabilities Rules 2017: The 2017 rules under Rule 15 (2) task the respective Ministries and Departments to ensure compliance with accessibility standards.
Guidelines for Indian Government Websites (GIGW): The GIGW provide a framework for websites to be designed in accordance with Web Content Accessibility Guidelines (WCAG) 2.0 standards. The GIGW enables websites to obtain certification by the Standardisation Testing and Quality Certification Directorate, after audit.

Various other policies include;

National Policy on Universal Electronic Accessibility, 2013: The National Policy ("Policy") on Electronic Accessibility recognizes the need to eliminate discrimination on the basis of disabilities and to facilitate equal access to Electronics & ICTs. The National Policy also recognizes the diversity of differently-abled persons and provides for their specific needs. The Policy covers accessibility requirements in the area of Electronics & ICT by different stakeholders. It recognizes the need to ensure that accessibility standards, guidelines and universal design concepts are adopted and adhered to.
Web Content Accessibility Guidelines (WCAG): The WCAG defines how to make web content more accessible to persons with disabilities. While adhering to these guidelines is optional, various versions of the WCAG have been issued. It operates on four principles; perceivable, operable, understandable and robust. It provides a path to ensuring compliance and demonstrating reasonable accommodation for persons with disabilities.

However, despite the laws, web accessibility remains a challenge. A vast majority of Indian websites, especially e-commerce entities and several government websites remain inaccessible to persons with disabilities and most often do not conform with international accessibility standards. A report by the Centre of Internet and Society states that out of the 7800 websites of the Government of India, 5815 had accessibility barriers and 1985 websites failed to open. The report also notes that more than half of the websites had no navigation markup and only 52 websites had the option to change colours. The Ministry of Electronics and Information Technology (MeITy), during the 258^th Session of the Rajya Sabha on 9 December 2022 noted that 95 websites of the Central Government have been made accessible to persons with disabilities during the COVID-19 pandemic, however, only 45 websites of the Central Government have been certified as compliant under the Guidelines for Indian Government Websites (GIGW). As of that date, certification of the remaining governmental websites remains incomplete due to the pandemic. Meity also stated that the Department of Empowerment of Persons with Disabilities in 2017 sanctioned a project to be implemented by ERNET India for making 917 websites of State and Union territories. Under the project, a total of 647 websites have been made accessible as of that date.

Conclusion

While India has established a robust legal framework and policies emphasizing the importance of web accessibility as a fundamental right, the existing gap between legislation and effective implementation poses a significant challenge. The reported accessibility barriers on numerous government and e-commerce websites indicate a pressing need for heightened efforts in enforcing and enhancing accessibility standards.

In addressing these challenges, continued collaboration between government agencies, private entities and advocacy groups can play a crucial role. Ongoing monitoring, regular audits and public awareness campaigns may contribute to improving accessibility for persons with disabilities to ensure an inclusive environment and compliance with fundamental laws.

References:

Massacre of Misinformation10January 29, 2024

Introduction

The recent events in Mira Road, a bustling suburb on the outskirts of Mumbai, India, unfold like a modern-day parable, cautioning us against the perils of unverified digital content. The Mira Road incident, a communal clash that erupted into the physical realm, has been mirrored and magnified through the prism of social media. The Maharashtra Police, in a concerted effort to quell the spread of discord, issued stern warnings against the dissemination of rumours and fake messages. These digital phantoms, they stressed, have the potential to ignite law and order conflagrations, threatening the delicate tapestry of peace.

The police's clarion call came in the wake of a video, mischievously edited, that falsely claimed anti-social elements had set the Mira Road railway station ablaze. This digital doppelgänger of reality swiftly went viral, its tendrils reaching into the ubiquitous realm of WhatsApp, ensnaring the unsuspecting in its web of deceit.

In this age of information overload, where the line between fact and fabrication blurs, the police urged citizens to exercise discernment. The note they issued was not merely an advisory but a plea for vigilance, a reminder that the act of sharing unauthenticated messages is not a passive one; it is an act that can disturb the peace and unravel the fabric of society.

The Massacre

The police's response to this crisis was multifaceted. Administrators and members of social media groups found to be the harbingers of such falsehoods would face legal repercussions. The Thane District, a mosaic of cultural and religious significance, has been marred by a series of violent incidents, casting a shadow over its storied history. The police, in their role as guardians of order, have detained individuals, scoured social media for inauthentic posts, and maintained a vigilant presence in the region.

The Maharashtra cyber cell, a digital sentinel, has unearthed approximately 15 posts laden with videos and messages designed to sow discord among the masses. These findings were shared with the Mira-Bhayandar, Vasai-Virar (MBVV) police, who stand ready to take appropriate action. Inspector General Yashasvi Yadav of the Maharashtra cyber cell issued an appeal to the public, urging them to refrain from circulating such unverified messages, reinforcing the notion that the propagation of inauthentic information is, in itself, a crime.

The MBVV police, in their zero-tolerance stance, have formed a team dedicated to scrutinizing social media posts. The message is clear: fake news will be met with strict action. The right to free speech on social media comes with the responsibility not to share information that could incite mischief. The Indian Penal Code and Information Technology Act serve as the bulwarks against such transgressions.

The Aftermath

In the aftermath of the clashes, the police have worked tirelessly to restore calm. A young man, whose video replete with harsh and obscene language went viral, was apprehended and has since apologised for his actions. The MBVV police have also taken to social media to reassure the public that the situation is under control, urging them to avoid circulating messages that could exacerbate tensions.

The Thane district has witnessed acts of vandalism targeting shops, further escalating tensions. In response, the police have apprehended individuals linked to these acts, hoping that such measures will expedite the return of peace. Advisories have been issued, warning against the dissemination of provocative messages and rumours.

In total, 19 individuals have been taken into custody in relation to numerous incidents of violence. The Mira-Bhayandar and Vasai-Virar police have underscored their commitment to legal action against those who spread rumours through fake messages. The authorities have also highlighted the importance of brotherhood and unity, reminding citizens that above all, they are Indians first.

Conclusion

In a world where old videos, stripped of context, can fuel tensions, the police have issued a note referring to the aforementioned fake video message. They urge citizens to exercise caution, to neither believe nor circulate such messages. Police Authorities have assured that no one involved in the violence will be spared, and peace committees are being convened to restore harmony. The Mira Road incident serves as a sign of the prowess of information and responsibility that comes with it. In the digital age, where the ephemeral and the eternal collide, we must navigate the waters of truth with care. Ultimately, it is not just the image of a locality that is at stake, but the essence of our collective humanity.

References

‍