New backdoor SLUB uses watering hole attack to target victims

Researchers from Trend Micro recently discovered a new backdoor called ‘SLUB’ that propagates via watering hole attacks, a technique in which attackers observe the websites their targets visit frequently, identify vulnerabilities in those websites, and inject malicious code into them to infect the targets who visit.

The attackers exploited the VBScript engine vulnerability CVE-2018-8174, which Microsoft patched in May 2018. After exploiting the vulnerability, the attack downloads a DLL and runs it through PowerShell. That DLL then downloads and runs a second executable file that contains the SLUB backdoor. The downloader also exploits CVE-2015-1701 to obtain local privilege escalation.

It is reported that the SLUB backdoor connects to the Slack platform, a collaborative messaging system. It scans for anti-virus software processes; if it doesn't detect any, it proceeds with the attack, otherwise it exits.

It adds a Run key to the Windows Registry so that it persists. It also downloads a Gist snippet in which the attackers store the commands the malware is to execute on compromised computers. Each compromised computer executes the commands that are enabled in the Gist snippet, and the output of every command is sent to a private Slack channel using the embedded tokens.
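The three behaviours described above (a Run-key write, tasking fetched from a Gist, command output posted to Slack) are individually common but rarely occur together on one host within minutes. The following is an added defender-side example, not code from Trend Micro or from the article, that correlates them per host over a constructed telemetry sample; the log format, hostnames, Gist URL and Slack endpoint in the sample are all invented for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample telemetry (not from the article), one event per line:
# "timestamp|host|event_type|detail". Hostnames and URLs are invented.
SAMPLE_LOG = """\
2019-03-13T09:00:05|ws-17|registry|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater
2019-03-13T09:00:09|ws-17|http|GET https://gist.github.com/u0/0123abcd/raw/tasks.txt
2019-03-13T09:00:12|ws-17|http|POST https://slack.com/api/chat.postMessage
2019-03-13T09:01:00|dev-03|http|GET https://gist.github.com/u1/89ef4567/raw/notes.md
2019-03-13T09:05:00|dev-03|http|POST https://slack.com/api/chat.postMessage
2019-03-13T11:00:00|ws-22|registry|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive
"""

RUN_KEY = "\\currentversion\\run\\"          # any value under a Run key
TASKING_HOSTS = ("gist.github.com", "api.github.com/gists")
EXFIL_PATHS = ("slack.com/api/",)            # Slack Web API calls
WINDOW = timedelta(minutes=10)               # all three must fall in this span

def parse_log(text):
    """Parse the pipe-delimited sample into (datetime, host, kind, detail)."""
    events = []
    for line in text.splitlines():
        ts, host, kind, detail = line.split("|", 3)
        events.append((datetime.fromisoformat(ts), host, kind, detail))
    return events

def flag_hosts(events, window=WINDOW):
    """Return {host: sorted indicator tags} for hosts that show Run-key
    persistence, Gist tasking and a Slack POST within `window` of each other.
    A developer who only uses Gist and Slack (no Run key) is not flagged."""
    by_host = {}
    for ts, host, kind, detail in events:
        d = detail.lower()
        if kind == "registry" and RUN_KEY in d:
            tag = "run_key"
        elif kind == "http" and any(h in d for h in TASKING_HOSTS):
            tag = "gist_tasking"
        elif kind == "http" and d.startswith("post ") and any(p in d for p in EXFIL_PATHS):
            tag = "slack_post"
        else:
            continue
        by_host.setdefault(host, []).append((ts, tag))
    flagged = {}
    for host, hits in by_host.items():
        hits.sort()
        for t0, _ in hits:                   # slide the window from each hit
            tags = {tag for t, tag in hits if t0 <= t <= t0 + window}
            if tags == {"run_key", "gist_tasking", "slack_post"}:
                flagged[host] = sorted(tags)
                break
    return flagged
```

The correlation is deliberately conjunctive: Run-key writes and Slack traffic alone are far too noisy to alert on, so the value lies in the combination and the short time window.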

Author: nathencooke
Mar 13, 2019