CowerSnail Backdoor Targeting Windows Devices

July 26th, 2017 | Waqas | Malware, Security

Kaspersky Lab has identified a backdoor designed primarily to attack Windows systems. Once it has infected a system, the malware raises its own process priority and connects to its C&C server over the IRC protocol. It collects system information, sends it to the C&C domain and exchanges pings with the server, then waits for further commands from its operators.

Security expert Sergey Yunakovsky at Kaspersky Lab said the group behind the malware created “two separate Trojans”, each designed to attack a particular platform and each with its own set of peculiarities. Therefore, Yunakovsky concludes, “it is highly probable that this group will produce more malware in the future.”


According to their analysis, this backdoor was built by the same cyber criminals who previously exploited the Samba vulnerability known as SambaCry or EternalRed to infect Linux systems with a cryptocurrency miner. The link is suspected because the backdoor, which Kaspersky Lab calls Backdoor.Win32.CowerSnail, is controlled by the same C&C (command-and-control) server, i.e. cl.ezreal.space:20480, that delivered the Linux malware.

Furthermore, Yunakovsky writes that “Unlike SambaCry, CowerSnail does not download cryptocurrency mining software by default, but instead provides a standard set of backdoor functions:

  • Receive update (local update)
  • Execute any command (BatchCommand)
  • Install CowerSnail as a service, using the Service Control Manager command line interface (Install)
  • Uninstall CowerSnail from service list (Uninstall)
  • Collect system information:
    • Timestamp
    • Installed OS type (e.g. Windows)
    • OS name
    • Host name
    • Information about network interfaces
    • ABI
    • Core processor architecture
    • Information about physical memory”

Experts believe the cyber criminals used Qt, a cross-platform development framework, to build CowerSnail, which collects information about the infected machine, executes commands, receives updates and installs or uninstalls itself as a service.

The authors may have chosen Qt so that UNIX code could be carried over directly without calling the Windows API. Besides avoiding those APIs and making the code portable across platforms, Qt also considerably enlarges the resulting binary.

For context, the SambaCry vulnerability was exploited to connect the Linux malware with the attacker; CVE-2017-7494 lets a remote attacker upload a shared library to a writable share and have the server load it, executing arbitrary code on the affected system. Products affected by this vulnerability included NAS (network-attached storage) appliances and routers.
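As an added example that is not part of the original article or of Kaspersky's analysis: a small Python triage script that turns two behaviours described above, the connection to cl.ezreal.space:20480 and the installation of CowerSnail as a service, into checks over constructed log lines. The host names, the service name and the log formats are assumptions; Windows event ID 7045 ("a new service was installed" in the System log) is a standard event.

```python
import re
from collections import defaultdict

# Indicator published in the article: the CowerSnail C&C endpoint.
CNC_HOST = "cl.ezreal.space"
CNC_PORT = 20480

# Constructed sample logs (not real telemetry). Hosts ws01..ws03 and the
# service name "QtSvc" are hypothetical; the formats are assumed.
CONN_LOG = """\
2017-07-25T10:02:11Z ws01 10.0.0.5 -> 203.0.113.7:443 TCP ALLOW
2017-07-25T10:03:40Z ws02 10.0.0.6 -> cl.ezreal.space:20480 TCP ALLOW
2017-07-25T10:04:02Z ws02 10.0.0.6 -> cl.ezreal.space:20480 TCP ALLOW
2017-07-25T10:05:15Z ws03 10.0.0.7 -> 198.51.100.9:20480 TCP ALLOW
"""
# Event 7045 = "A new service was installed" (Windows System log).
EVENT_LOG = """\
2017-07-25T10:03:12Z ws02 EventID=7045 ServiceName=QtSvc
2017-07-25T09:00:00Z ws01 EventID=7036 ServiceName=Spooler State=running
"""

CONN_RE = re.compile(r"^(\S+) (\S+) (\S+) -> ([^:\s]+):(\d+) (\S+) (\S+)$")
EVT_RE = re.compile(r"^(\S+) (\S+) EventID=(\d+) ServiceName=(\S+)")

def cnc_contacts(conn_log):
    """Return {host: count} of connections to the C&C host or its port."""
    hits = defaultdict(int)
    for line in conn_log.splitlines():
        m = CONN_RE.match(line)
        if not m:
            continue  # skip lines that do not follow the assumed format
        _, host, _, dst, port, _, _ = m.groups()
        if dst == CNC_HOST or int(port) == CNC_PORT:
            hits[host] += 1
    return dict(hits)

def new_services(event_log):
    """Return {host: [service names]} for EventID 7045 service installations."""
    svc = defaultdict(list)
    for line in event_log.splitlines():
        m = EVT_RE.match(line)
        if m and m.group(3) == "7045":
            svc[m.group(2)].append(m.group(4))
    return dict(svc)

def triage(conn_log, event_log):
    """Score hosts: C&C contact counts 2, a fresh service install counts 1."""
    contacts, services = cnc_contacts(conn_log), new_services(event_log)
    return {h: (2 if h in contacts else 0) + (1 if h in services else 0)
            for h in set(contacts) | set(services)}
```

A host that both talks to the C&C and gained a new service around the same time (ws02 in the constructed data) scores highest and is the one to pull for forensic review first.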
