The actor with the motivated threat was associated with a permanent phishing email, which has been ongoing at least July 2024, specifically focused on users in Poland and Germany.
Attacks led to the deployment of various useful loads such as Tesla’s agent. A snake keyand used to be an unregistered back of Tornet, which is delivered with the help of Purecrypter. Tornet is so named due to what allows the actor the threat to communicate with the victim’s car victim Tor.
“The actor performs the planned task on the victim’s cars – Note in an analysis published today.
“The actor also disables the victim’s car from the network before dropping the useful load, and then connect it back into the network, which avoids cloudy anti -oxygen solutions.”
The starting point of the attack is phishing -electronic mail with fake confirmation of money or receipt, and the actor threatens as financial institutions, as well as production and logistics companies. These messages are attached to the .tgz files’ expansion in the likely attempt to avoid detecting.
Opening a compressed email attachment and extracting the contents of the archive leads to a .net loader, which in turn loads and launches Purecrypter directly into memory.
Then the malicious Purecrypter software continues to launch the back of Tornet, but not before conducting a series of anti-Deeber, anti-Nalysis, anti-VM and anti-software on the victim’s car to fly under the radar.
“Backdoor Tornet sets the C2 connection and also connects the victim’s car with the Tor network,” Raghuras said. “He has opportunities to receive and run arbitrary .Net .Net assembly in the victim’s car loaded from the C2 server, increasing the surface of the attack for further invasion.”
The disclosure of information takes place a few days after the second half of 2024. In the second half of 2024, there was a surge of e -mail threats that uses hidden text, with the purpose of extracting brands by email and detection engines.
“Hidden texting is a simple but effective technique for bypassing PARSERS by email, confusing spam -filters and evasion of detection engines that count on keywords,” Omid Mirzay Security Research – Note. “The idea is to include some characters in the e -mail source that is not visually recognizable.”
In order to withstand such attacks, it is recommended to develop additional filtering methods that can detect hidden texting and concealing content, including detection of CSS properties such as “visibility” and “display”, and take an approach to detecting a visual similarity (for example ,, such as For example, for example, Sand) to expand the possibilities of detection.
