
eScan antivirus compromised, GuptiMiner malware deployed through updates

Threat actors relied on Man-in-the-Middle (MitM) attack

Published on April 25, 2024

Malware attacks are becoming more common than ever. The latest in the series is eScan, an antivirus vendor with headquarters in India, compromised by threat actors to sideload the GuptiMiner malware on the end user’s PC.

Threat actors exploited eScan’s update process, since it relied on HTTP to deliver updates instead of the more secure HTTPS protocol, to sideload the malware.

Researchers at Avast were the first to identify the vulnerability and share it with eScan. The latter acknowledged the loopholes in the update process and patched it on July 31, 2023.

Avast describes the GuptiMiner malware as,

The report also links the GuptiMiner malware to Kimsuky, a North Korean state-backed hacker group.

Breaking down the GuptiMiner attack through eScan’s updates

Threat actors employed the Man-in-the-Middle (MitM) attack to distribute the malware amongst unsuspecting users. It starts with the antivirus requesting an update package from the server, which threat actors intercept and replace with a malicious one.

Although the malicious package contains the relevant updates, it also downloads an infected version.dll file, which has the same permissions as the antivirus. On subsequent reboots, the DLL downloads additional files from the threat actor’s server, at which point the PC is completely compromised.
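The two weaknesses described above, an update channel over plain HTTP and a package that can carry an unexpected DLL, are the checks an updater should refuse on. The following is an added illustration, not eScan’s or Avast’s code: a hypothetical updater policy that rejects non-HTTPS sources, verifies the package against a manifest hash obtained over a trusted channel, and flags any file the manifest does not list. All package contents, file names and URLs are constructed samples.

```python
"""Update-package acceptance checks modelled on the eScan/GuptiMiner case.

Added illustration, not eScan's or Avast's code. Assumes a hypothetical
updater that downloads a ZIP package plus a manifest (file list and SHA-256)
obtained over a trusted channel. All sample data below is constructed.
"""
import hashlib
import io
import zipfile
from urllib.parse import urlparse


def build_package(files: dict) -> bytes:
    """Construct a ZIP update package in memory (test fixture only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()


def check_update(url: str, package: bytes, manifest: dict) -> list:
    """Return policy violations; an empty list means the package is accepted."""
    problems = []
    # 1. Plain HTTP lets an on-path attacker swap the package in transit.
    scheme = urlparse(url).scheme
    if scheme != "https":
        problems.append(f"update fetched over {scheme!r}, not https")
    # 2. The package hash must match the trusted manifest.
    if hashlib.sha256(package).hexdigest() != manifest["sha256"]:
        problems.append("package hash does not match manifest")
    # 3. No files outside the manifest: a stray version.dll beside the AV
    #    binary is exactly the sideload described in the article.
    try:
        with zipfile.ZipFile(io.BytesIO(package)) as zf:
            extra = set(zf.namelist()) - set(manifest["files"])
    except zipfile.BadZipFile:
        extra = set()
        problems.append("package is not a valid archive")
    problems.extend(f"unexpected file in package: {n}" for n in sorted(extra))
    return problems


# Constructed samples: the genuine package and a MitM-substituted one.
GENUINE = build_package({"av_update.bin": b"signatures-v1"})
MANIFEST = {"sha256": hashlib.sha256(GENUINE).hexdigest(), "files": ["av_update.bin"]}
TAMPERED = build_package({"av_update.bin": b"signatures-v1", "version.dll": b"MZ..."})

if __name__ == "__main__":
    print(check_update("http://updates.example/pkg.zip", TAMPERED, MANIFEST))
```

The tampered package trips all three checks at once; the hash check alone would already reject it, which is why the manifest must not travel over the same unauthenticated channel as the package.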

Avast reports that the GuptiMiner malware also checks for any active Wireshark, WinDbg, TCPView, 360 Total Security, Huorong Internet Security, Process Explorer, and Process Monitor processes and terminates any instances of Cisco Talos Intelligence and AhnLab.

While the attack’s real motive remains unknown, it did sideload XMRig, a package for mining cryptocurrency. Other than that, the attack deployed two backdoors, one to scan the network for vulnerable systems and another to scan the PC for cryptocurrency wallets and stored private keys.

When BleepingComputer reached out to eScan for a comment, the latter confirmed receiving similar reports in 2019 and resolving it in 2020. Besides, it started facilitating downloads over HTTPS to utilize the encryption capabilities of the protocol.

If you are an eScan antivirus user, we recommend reaching out to the developers right away and enquiring what changes could be implemented on your end for a safer experience.

The whole eScan GuptiMiner incident highlights that even antiviruses are prone to attacks. And while there’s no absolute protection, using an effective antivirus solution can lower the possibility of such attacks.

What’s your take on threat actors deploying GuptiMiner via eScan’s updates? Share with our readers in the comments section.


Kazim Ali Alvi

Windows Hardware Expert

Kazim has always been fond of technology, be it scrolling through the settings on his iPhone, Android device, or Windows PC. He’s specialized in hardware devices, always ready to remove a screw or two to find out the real cause of a problem.

Long-time Windows user, Kazim is ready to provide a solution for your every software & hardware error on Windows 11, Windows 10 and any previous iteration. He’s also one of our experts in Networking & Security.
