    Gopuram becomes the main weapon in the attack on cryptocurrency companies

    Cryptocurrency companies affected by the 3CX supply chain attack are infected with the Gopuram backdoor, which delivers additional malware to targeted devices.

    In March, the Lazarus Group carried out a cyberattack on 3CX, a provider of VoIP telephony services. During the campaign, the firm's clients were infected with trojanized versions of the 3CX desktop applications for Windows and macOS in a large-scale supply chain attack.

    In this attack, the attackers replaced two DLLs used by the Windows desktop application with malicious versions that downloaded information-stealing trojans.

    Recently, Kaspersky Lab discovered that the Gopuram backdoor, which the Lazarus group has used against crypto companies since at least 2020, has also been deployed as a second-stage payload in attacks against 3CX clients.

    Gopuram is a modular backdoor that performs the following functions:

    • Manipulating the registry and Windows services;
    • Modifying binary file timestamps (timestomping) to evade detection;
    • Injecting payloads into running processes;
    • Loading unsigned Windows drivers using the open-source Kernel Driver Utility;
    • Partial control of the infected device via the “net” command.

    The new Gopuram infections made it possible to attribute the 3CX attack to the Lazarus group. Kaspersky Lab researchers believe that Gopuram is the main implant and the final-stage payload in the 3CX attack chain. In March 2023, the number of Gopuram infections increased worldwide: attackers delivered a malicious library (wlbsctrl.dll) and encrypted shellcode (.TxR.0.regtrans-ms) to the systems of cryptocurrency companies affected by the 3CX supply chain attack.
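    As an added triage example (not from the article, and not Kaspersky's tooling), the following Python scores file metadata records against the two file names the article reports and against common timestomping heuristics; the record shape, the heuristics and the sample records are this example's own assumptions.

```python
from dataclasses import dataclass
from datetime import datetime

# Indicators the article names: the malicious library and the encrypted-shellcode file name.
GOPURAM_NAMES = {"wlbsctrl.dll"}
GOPURAM_SUFFIXES = (".txr.0.regtrans-ms",)

@dataclass
class FileRecord:  # assumed record shape: NTFS $STANDARD_INFORMATION and $FILE_NAME times per file
    path: str
    created: datetime     # $SI creation time (what the file system API reports)
    modified: datetime    # $SI last-write time
    fn_created: datetime  # $FILE_NAME creation time (MFT-only, not settable via the normal API)

def timestomp_indicators(rec: FileRecord) -> list[str]:
    """Timestomping heuristics (assumed here; the article only says Gopuram timestomps)."""
    hits = []
    if rec.created.microsecond == 0 and rec.modified.microsecond == 0:
        hits.append("zero sub-second timestamps")  # forged times are often second-granular
    if rec.created > rec.modified:
        hits.append("created after last modified")  # cannot happen without tampering
    if rec.created < rec.fn_created:
        hits.append("$SI creation predates $FN creation")  # classic backdating artifact
    return hits

def scan(records: list[FileRecord]) -> dict[str, list[str]]:
    """Return {path: reasons} for each record matching a named indicator or a heuristic."""
    findings: dict[str, list[str]] = {}
    for rec in records:
        name = rec.path.rsplit("\\", 1)[-1].lower()
        reasons = []
        if name in GOPURAM_NAMES:
            reasons.append("library name reported with Gopuram delivery")
        if name.endswith(GOPURAM_SUFFIXES):
            reasons.append("shellcode file name reported with Gopuram delivery")
        reasons += timestomp_indicators(rec)
        if reasons:
            findings[rec.path] = reasons
    return findings

# Constructed sample records (not real telemetry): a backdated DLL, the shellcode file, a benign file.
T = datetime
SAMPLE_RECORDS = [
    FileRecord("C:\\ProgramData\\wlbsctrl.dll", T(2015, 1, 1), T(2015, 1, 1), T(2023, 3, 20, 10, 15, 33, 123456)),
    FileRecord("C:\\Users\\alice\\AppData\\Local\\.TxR.0.regtrans-ms",
               T(2023, 3, 20, 10, 15, 40, 501200), T(2023, 3, 20, 10, 15, 40, 501200), T(2023, 3, 20, 10, 15, 40, 501200)),
    FileRecord("C:\\Users\\alice\\Documents\\notes.txt",
               T(2022, 6, 1, 9, 0, 0, 250000), T(2023, 2, 14, 16, 42, 7, 880000), T(2022, 6, 1, 9, 0, 0, 250000)),
]
```

    A name match alone is a triage hint, not a verdict. The timestamp heuristics only make sense on records pulled from the MFT, since $FILE_NAME times are not visible through the normal file API.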

    Telemetry showed infected devices worldwide, with the highest infection rates observed in Brazil, Germany, Italy and France. The fact that the Gopuram backdoor was deployed on fewer than 10 infected machines indicates that the attacks are targeted and that the attackers have a particular interest in cryptocurrency companies.

    Author DeepWeb