Mastodon for JamesMWright.com
#backdoor

👁 found in digitally signed products sold to banks, pharmaceutical manufacturers, and energy companies by NetSarang, Inc. Suspicious DNS queries yielded the discovery. 🔐

Are you watching your network traffic? 🤔

🔦securelist.com/shadowpad-in-co

💾 arstechnica.com/information-te

"The backdoored module does not use any external servers as C&Cs: it uses the M.E.Doc software’s regular update check requests to the official M.E.Doc server upd.me-doc.com[.]ua. The only difference from a legitimate request is that the backdoored code sends the collected information in cookies."
welivesecurity.com/2017/07/04/
#backdoor #malware #petya