41 min listen
Malware in pirated Windows installation files. [Research Saturday]
From CyberWire Daily
Length:
14 minutes
Released:
Jul 3, 2021
Format:
Podcast episode
Description
Guest Tom Roter from Minerva Labs joins Dave to discuss his team's research: "Rigging a Windows Installation." It is common knowledge that pirated software might contain malware, yet millions still put themselves and their devices at risk by downloading from dubious sources. It is even more surprising to see the popularity of torrented operating system installations, which are ranked at the top of most torrent tracker ranking lists. Today we will prove conventional wisdom right and show off a devious, yet clever attack chain employed by an infected Windows 10 image, frequently shared and downloaded by tens of thousands of users.
Over the last year, numerous malicious PowerShell events popped up in our telemetry. The events caught our attention because a payload was being downloaded into the “C:\Windows” directory, which is usually well guarded by NTFS permissions. This implies that the attacker had very high privileges on the compromised system.
The research can be found here:
Rigging a Windows installation