Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11Moriya: An advanced and very dangerous 'stealth' Rootkit
During 4 years of monitoring, from 2018 until now, Kaspersky's security experts still do not know who / which organization is behind Rootkit Moriya, friends.
Kaspersky speculates that Moriya is part of an advanced APT (Advanced Persistent Threat) attack campaign called TunnelSnake operated by Chinese hackers.
TunnelSnake is said to have evolved a lot in terms of stealth or in other words stealth, comes with advanced auxiliary tools, and it is very well invested in infiltrating organizations. large, multinational/multi-region of Asia and Africa to sabotage and steal data.
#first. Rootkit Moriya challenges Microsoft 's Windows operating system
It is sad that with Microsoft's constant efforts to improve the performance and security of the Windows operating system by constantly updating new and powerful features, it is still surpassed by this rootkit:
- Driver Signature Enforcement to prevent malicious code execution in kernel space, modified/unsigned drivers will be blocked.
- Kernel Patch Protection (PatchGuard) to prevent system files/programs from being modified. If malicious code tries to modify the system, the legendary Blue Screen of Death error on Windows will appear immediately.
- Deeply integrate Windows Security security program into the system (from Firewall to anti-virus ability).
You should remember, Moriya is a rootkit, so once it gets into the system, almost every security mechanism of the operating system is manipulated by it.
Basically, because the rootkit operates in the Kernel space (a memory area containing the trusted code of the system kernel), every command it executes has absolute authority over the operating system. Like Administrator rights, the highest right.
It can install malicious drivers into the operating system to both ensure executable code is easily deployed (later) and has absolute system permissions.
With the ability to change I/O activities (files, network traffic) at the highest and earliest levels, it helps to create stealth armor for Moriya.
#2. Moriya's Stealth Armor
Malware in general is easily detected by constantly contacting C&C servers to receive execution orders, when these C&C servers are blacklisted by security firms, malware is easy to detect.
But the Moriya rootkit is different, it creates a Passive backdoor in the waiting area, but one thing is that the server in the victim's own network is the C&C server of the network!
In addition, it also has a hidden mechanism that makes security programs "cry", Moriya will filter network traffic packets (one step before any security program, because it is a rootkit) to see the packet. which contains the 'execution command' from the C&C server or intermediate zombie servers.
When it catches these packets, it immediately saves that 'instruction' to its own file/TCP stream for later reading, and then removes the 'command' from the packet.
Thus, network traffic/packets when reaching the hands of security programs will be just normal packets, combined with naming/impersonating tools/processes that are no different from Windows components, making Moriya can hide like a 'chameleon', friends.
#3. Summary
– Rootkit Moriya was developed by Chinese hackers (not 100% sure) to create Passive backdoors on public servers of large organizations (Kaspersky has only discovered victims in Asia and Africa).
These Public servers (usually IIS web servers) will then be used to spread this Windows rootkit deeper into the organization through network scanning tools, exploit vulnerabilities, . and these servers will take care of it. always act as an intermediary C&C server.
– This rootkit was first discovered in 2018, active in October 2019 until May 2020, each attack usually lasts several months and then the rootkit erases its own traces.
South Asia is the most active region with a variant with many dangerous functions (used by the notorious Chinese hacker group APT1).
– This rootkit can easily disable security programs (anti-virus), so don't think that you have spent money to buy famous anti-virus software like Kaspersky or ESET.
If you can afford to pay for security, buy Internet Security (more advanced than anti-virus) – see why. And always remember to update the software as well as update the Windows operating system to the latest version on a regular basis!
Isabella HumphreyYou should read it
- 'Super stealth' rootkit
- Learn about the sample Rootkit.Win32.Stuxnet.a
- Differentiate between Gootkit, Bootkit and Rootkit
- Instructions for removing LSE on Lenovo computers
- Learn about hidden threats: Rootkit and Botnet
- Detects a vulnerability that threatens all Windows computers shipped from 2012 up to now
- 'Rootkit + Trojan = Increased danger'
- Six Rootkit detectors protect your system
May be interested
- Instructions for removing LSE on Lenovo computers
lse installs a software program called onekey optimizer (oko) available on many lenovo laptops. onekey optimizer is in the 'crapware' category. however, the only weakness is that both lse and oko are not safe. - Learn about hidden threats: Rootkit and Botnetattackers are always looking for the latest ways to access our computer system. the use of a hidden method such as rootkits and botnets is on the rise and you are more likely to become a victim
- Detects a vulnerability that threatens all Windows computers shipped from 2012 up to nowsecurity researchers have found a vulnerability in the microsoft windows platform binary table (wpbt). this vulnerability can be exploited by hackers to install rootkits on all windows computers shipped from 2012 to the present.
- 'Rootkit + Trojan = Increased danger'security firm sana security is currently warning users of a new type of programmed malware aimed at stealing usernames and passwords.
- Six Rootkit detectors protect your systemthe concept of rootkits is not something new. it returned with the days of unix. intruders can use a popular unix toolkit, recompile, allowing them to administer, owning root access without leaving a trace
- 6 steps to have a safer computerthis article, gives readers a new and more complete view of security. from there, people can build a safe strategy for their computers at the lowest cost, even for free.
- Nerves play an important role in the extraordinary camouflage ability of inkscientists at the marine biology laboratory and the university of cambridge have discovered that the cuttlefish controls the ability to stealth with a giant known little nerve circuit.
- Tried to define 'rootkit'after being severely criticized for the rootkit scandal inside norton systemworks, symantec urgently called on the entire security industry to soon build a standard concept to define what 'rootkits' are.
- Intel developed an anti-rootkit technique.prior to the incident of computer attacks via sony's cds, intel has just announced it is working on a new project that helps computer users to automatically identify pre-installed dangerous software.
- Alarm of dangerous bot, Trojan infection ratethe latest statistics from microsoft show that backdoor trojans and bots are really terrible dangers for windows users. however, the rootkits infection rate is on the decline, partly due to updated security applications that add anti-rootkit features.
Tech info
- How to handle the error Windows 11 does not receive enough RAM
- TOP strongest character in One Piece: Burning Blood
- Windows 12: Start of development in March 2022
- US seizes nearly 100 thousand stolen Bitcoins: $ 4.5 billion fits in a 'USB'
- QNAP advises users to disconnect NAS from internet to avoid DeadBolt ransomware ransomware
- What can gamers expect from Cyberpunk 2077 in 2022?
How to handle the error Windows 11 does not receive enough RAM
TOP strongest character in One Piece: Burning Blood
Windows 12: Start of development in March 2022
US seizes nearly 100 thousand stolen Bitcoins: $ 4.5 billion fits in a 'USB'
QNAP advises users to disconnect NAS from internet to avoid DeadBolt ransomware ransomware
What can gamers expect from Cyberpunk 2077 in 2022?