Fake Browser Updates Lead to BOINC Volunteer Computing Software

Published 22/07/2024 15:56 · Modified 22/07/2024 16:13

Essential information

Published
22/07/2024 15:56
Modified
22/07/2024 16:13
Tags
2024-07-22 boinc fakeupdates
Related entities
17 observables, 1 intrusion sets (apt), 12 techniques (mitre), 1 malware

Description

This report details a recent malware campaign involving the well-known SocGholish/FakeUpdates malware, which tricks users into downloading fake browser updates. Instead of installing a common remote access tool (RAT) as the final payload, some infections resulted in the installation of the legitimate but maliciously misused BOINC (Berkeley Open Infrastructure for Network Computing) software, likely as a mechanism for gaining remote access to and control over infected systems. The actors used obfuscated PowerShell scripts and scheduled tasks for persistence, and the software was configured to connect to malicious servers hosted on domains such as rosettahome.top and rosettahome.cn. While the threat actors' motivations are unclear, the illicit use of BOINC represents a novel technique for establishing command and control over compromised hosts.

External references