BTC $65266.0064
ETH $3170.2759
BNB $579.9567
SOL $151.5810
stETH $3170.3792
XRP $0.5307
DOGE $0.1622
TON $6.2152
ADA $0.5047
AVAX $37.5087
wstETH $3690.1011
WBTC $65350.8728
DOT $7.1858
WETH $3168.2550
TRX $0.1112
BCH $512.3933
LINK $14.9136
MATIC $0.7262
ICP $15.2978
UNI $7.8248
LTC $85.1449
DAI $1.0008
RNDR $9.1190
CAKE $2.9399
IMX $2.1935
STX $2.8650
ETC $27.9082
FDUSD $0.9998
MNT $1.2003
NEAR $6.3271
FIL $6.6129
OKB $55.7832
HBAR $0.0909
TAO $475.1056
VET $0.0423
WIF $3.0785
ATOM $8.6865
MKR $3070.6157
KAS $0.1185
FET $2.4759
GRT $0.2860
INJ $29.1371
PEPE $0.0000
USDE $0.9998
XLM $0.1150
THETA $2.2569
XMR $121.6010
BTC $65266.0064
ETH $3170.2759
BNB $579.9567
SOL $151.5810
stETH $3170.3792
XRP $0.5307
DOGE $0.1622
TON $6.2152
ADA $0.5047
AVAX $37.5087
wstETH $3690.1011
WBTC $65350.8728
DOT $7.1858
WETH $3168.2550
TRX $0.1112
BCH $512.3933
LINK $14.9136
MATIC $0.7262
ICP $15.2978
UNI $7.8248
LTC $85.1449
DAI $1.0008
RNDR $9.1190
CAKE $2.9399
IMX $2.1935
STX $2.8650
ETC $27.9082
FDUSD $0.9998
MNT $1.2003
NEAR $6.3271
FIL $6.6129
OKB $55.7832
HBAR $0.0909
TAO $475.1056
VET $0.0423
WIF $3.0785
ATOM $8.6865
MKR $3070.6157
KAS $0.1185
FET $2.4759
GRT $0.2860
INJ $29.1371
PEPE $0.0000
USDE $0.9998
XLM $0.1150
THETA $2.2569
XMR $121.6010
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • HTML Smuggling is a new cybersecurity issue in Europe

    How is the PlugX trojan spread using common web browsers by Chinese hackers?

    Using HTML Smuggling methods, an unidentified hacker group thought to have ties to the Chinese Communist Party attacked foreign ministries and embassies in Europe and installed the PlugX Trojan on compromised systems.

    Check Point, a cybersecurity company, reported this and dubbed this operation SmugX. The researchers claim that the malicious campaign began in December 2022.

    According to a report from Check Point, "the campaign uses new delivery methods for PlugX, a spyware that is frequently linked to various Chinese threats." 

    Although the payload itself resembles that of earlier PlugX versions, the delivery methods offer a low level of detection, which, up until recently, helped the campaign go undetected, the experts continued.

    Although it is not yet clear which group is behind this operation, the evidence suggests that it is the Mustang Panda group, which also shares members with the Earth Preta, Red Delta, and Camaro Dragon threat clusters, according to the Check Point classification.

    Furthermore, the researchers claimed that there is currently "insufficient evidence" to definitively attribute this hacker collective. 

    The latest SmugX campaign attack is notable for its use of HTML Smuggling, a devious technique in which cybercriminals exploit legitimate HTML5 and JavaScript capabilities to assemble and run malware in deceptive documents attached to phishing emails.

    "HTML Smuggling employs HTML5 attributes that can function offline by storing the binary in an immutable block of data within the JavaScript code."

    When opened in a web browser, block or embedded payload data is decoded into a file object," Trustwave reported in February of this year. 

    An examination of the papers submitted to the VirusTotal malware database reveals that they are intended to target diplomats and government agencies in the Czech Republic, Hungary, Slovakia, the United Kingdom, and, most likely, France and Sweden.

    To decode and launch the ultimate payload, PlugX, the multi-stage infection procedure employs the already painfully familiar DLL Sideloading mechanism.

    PlugX, on the other hand, is a spyware that first surfaced in 2008 and is a modular Trojan capable of supporting "a range of plug-ins with varying functions" that allows its operators to steal files, record the screen, log keystrokes, and execute instructions.

    "During our study of the samples, the attacker submitted a batch script obtained from the C2 server, aimed to delete any signs of his activities," Check Point stated.

    "This script eliminates the genuine executable, the PlugX loader DLL, and the registry key required for persistence before deleting itself." "This is most likely due to the attackers being aware that they were being watched," the researchers found.

    Author DeepWeb
    Meduza, an information thief, will reveal any secrets of his victims to hackers.
    Due to the gathering of data from people all over the world, MI6 service was able to take China "on the fly."

    Comments 0

    Add comment