SoylentNews is people

posted by janrinok on Wednesday December 21, @04:23PM

Hackers Distributed a Trojanized Build of Windows 10 to Infiltrate Ukrainian Targets - ExtremeTech:

Downloading a copy of Windows from shady online sources is never a good idea, but it was even more dangerous in Ukraine recently. Cybersecurity firm Mandiant identified a trojanized version of Windows 10 being distributed online, and it was modified specifically to gain access to Ukrainian computer systems. While there are no clear fingerprints on the malicious ISO, Mandiant notes the targets overlap with previous operations from Russia's security services.

The Windows installer purports to be a 64-bit build of Windows 10, labeled "Win10_21H2_Ukrainian_x64.iso." It uses the Ukrainian language pack and was distributed primarily on toloka.to, a torrent tracker that focuses on Ukrainian users. It also appeared on a Russian torrent tracker. It seems likely this malware campaign is connected to the ongoing war in Ukraine.

According to Mandiant, the campaign doesn't appear to have any financial motive — there are no ransomware installers or crypto miners to be seen. Distributing a Windows ISO isn't the most efficient way to get these malicious packages onto machines, though. It is, however, useful if you want complete access to a system with the ability to install additional malware packages when you find a juicy target. The way these additional tools were deployed led Mandiant to suspect Russia's GRU spy agency and government-backed hacking groups like APT28.

Installing the malicious ISO will get you what appears to be a fully functional version of Windows 10, but the underlying code has been modified in several vital ways. For one, it doesn't send security telemetry back to Microsoft as a regular build of Windows does. After installation, embedded tools scan the system for useful information via scheduled and modified system tasks. That data is then sent to a remote server. Some installations were also loaded with additional malware tools after installation, suggesting these targets were of particular interest to the hackers.

Of course, we wouldn't fall for this, would we? But I bet we all know someone who would happily install similar software if it was in their own language.


  • (Score: 2) by RamiK (1813) on Thursday December 22, @03:28PM (#1283595)

    The move to SaaS for obviously client-side software came about from software vendors realizing companies just don't keep track of their software licenses. That is, techs simply add every piece of software the company uses to their one-disk-image-to-serve-them-all. So, whether it's actually being used or not, you can bet your ass there's plenty of corporate software piracy still going on. It's just that the software vendors that care about it end up doing telemetry or moving to SaaS and realize it was never being used, and those that don't just license for something like 1000 heads and maybe throw in some basic pinging to flag really unusual stuff.

    --
    compiling...