Open source information / Python /
text

Hackers use the mine sweeping game Python clone to hide malicious scripts and attack European and American financial institutions

Source: contribution
Author: Seanuts of Pineapple
2024-05-27 14:22:18
five
[Live Preview] How come Rust has not replaced C/C++for nearly ten years?

Recently, the National Computer Emergency Response Team of Ukraine (CSIRT-NBU) and the Ukrainian Computer Emergency Response Team (CERT-UA) jointly Exposed a hacker attack Attackers use Python clone code of Microsoft's classic minesweeping game to hide malicious scripts against European and American financial institutions.

Attack background and executor

This attack was traced to a threat actor named "UAC-0188". The hacker organization successfully hid and downloaded the Python script that installed SuperOps RMM by using legal code.

SuperOps RMM is a legitimate remote management software, but it is used by attackers to directly access the intruded system. The CERT-UA report points out that since the attack was discovered, there have been at least five violations involving the same potential documents of European and American financial and insurance institutions.

Attack details

The attack starts with an email disguised as a medical center, sent to“ support@patient-docs-mail.com ”, the subject of the email is "network archives of personal medical documents". The victim was induced to download a 33MB from the Dropbox link provided SCR files.

This file contains a harmless Python clone minesweeping game code, but it also hides the code from remote sources( anotepad.com )Download malicious Python code for additional scripts. The minesweeping code contains a function named "create_license_ver", which is used again to decode and execute hidden malicious code. Hackers use this method to try to mislead security software into thinking that the file is harmless.

The malicious code is hidden in the file through the base64 encoded string. After decoding the string, a ZIP file containing the MSI installer of SuperOps RMM will be assembled. The installation program is finally extracted and executed with a static password, granting the attacker unauthorized access to the victim's computer.

Safety advice

CERT-UA recommends that organizations that do not use SuperOps RMM products“ superops.com ”Or“ superops.ai ”Domain calls are considered as a sign of hacker intrusion. Other intrusion indicators (IoCs) related to this attack are also shared at the bottom of the report for the reference of the security team.

This attack reminds us that hackers are constantly looking for innovative ways to bypass security protection. Enterprises and individual users should always be vigilant, update security software in a timely manner, and avoid downloading and executing files of unknown origin.

 

Expand to read the full text

Related Links

The news on this website is prohibited to be reproduced without authorization. Violators will be investigated for relevant legal responsibilities according to law. For authorization, please contact: oscbianji#oschina.cn

Title: Hackers use the mine sweeping game Python clone to hide malicious scripts and attack European and American financial institutions

Address: https://www.oschina.net/news/294442/hackers-phish-finance-orgs-using-trojanized-minesweeper-clone

Click to join the discussion 🔥 (5) Post and join the discussion 🔥

Hot content

More highlights
Steam++3.0.0-rc.11 released, Steam toolbox
Open Source Daily | Winamp is officially open source; Google spent 18.9 billion yuan to recruit AI talents; Open source reproduction of the o1 model; Google search snapshot function "dead"
Tuolupai won the certification of "data governance service provider" of Shanghai Data Exchange
: fire: Following HarmonyOS NEXT, Solon v3.0 will be released on October 8
Extreme governance of Baidu search results fluctuation
Mozilla accused of tracking users in Firefox without consent
Winamp, an old classic music player, is officially open source
The truly smart ORM framework sqltoy orm 5.6.24 release
IntelliJ IDEA 2024.2.3 Release
Zhiyuan Research Institute Releases Chinese Internet Corpus CCI3.0
GeoServer 2.26.0 release, Java 17 support
As an open language, why does JavaScript become a trademark of Oracle?
"Zhihuijun" startup company opened AimRT, a runtime development framework for the field of modern robots
More than 4 million 5G base stations in China
Meta releases Llama 3.2 multimodal AI model
MariaDB 11.7.0 Preview Release
[Free large screen] The first integrated version of JimuReport building block dashboard v1.8.1 was released
Why is there no deep 24 version?
The 1.2.8 version of the warm flow is updated. The new handler variable expression and condition expression support spel
GXDE OS 15.14 beta: Clear sky after heavy cloud exploration, different depth
What skills a qualified programmer needs to master
Summary of Fourteen Tips for PHP Beginners
Default Web Font Style
JavaScript, Only you can't imagine
What is Node - Learn Node
Four key points of website code writing
PHP programmers are most likely to make 10 mistakes
Ten reasons for turning to Spine.js
Three things should never be put in the database
A day of four programmers
Seven Thoughts on Programming Learning
17 Tips to Improve Your Hibernate 4 Development Ability
A day of four programmers
How to get the favor of HR, summary of common interview questions
Six problems that Java must understand
Continuous assignment operation that Javascript may not fully understand after 10 years of writing
Advanced javascript
5 tips to improve your SEO ability
What should I pay attention to when operating DOM arrays with jQuery?
MVC mode is not easy to use? Why not try MOVE
28 new features, techniques and technologies of HTML5 that you must know
Be a programmer with Chinese characteristics
Guide to program installation B
What is the goal?
About returning null values
The most convenient IP location query in history
Common shortcut keys for Eclipse programmers
Top 10 reasons to use HTML5 now
Analysis of the underlying knowledge of website construction Socket and Http
Only one return statement
Fact: Red Boy is not the natural son of the Bull Demon King
What skills a qualified programmer needs to master
Follow me to learn the URL of CodeIgniter, a website development framework
What is the difference between the native version of artDialog and jquery
Top 10 Interview Skills
Top 10 reasons to use HTML5 now
Mobile Web Interface Style - CSS3
Choose Apache or Tomcat for website construction server
Death Penalty in the Kingdom of Nouns (Translation) - A Story of Hello World
Eight isolation levels necessary for Web development
7 Legends about html5
How the browser renders text
Five Points for Redis Users
How much is your code worth
What books should a qualified programmer read
In my mind, zz, a programming expert, has a somewhat academic style^_^
Count the syntax traps that javascript is easy to ignore
26 points for improving java performance
Comparison of commonly used HTML5 mobile application development frameworks
The process of creating pages on github
The beauty of code - how to write elegant PHP code
Avoid six common HTML5 incorrect uses
How to get the div of artDialog
How to increase the number of websites
10 Practical Typography Skills to Improve the Readability of Web Pages
Technical preparations for websites with millions of visitors
Five Tips for Improving the Security of PHP Websites
Several things you should pay attention to when coding Python
The difference between equals and==in java
Top 10 reasons to leave Java and find a better language
Three elements of code - winning the hearts of interviewers
7 Legends about html5
Decrypting Redis persistence
How to learn a new PHP framework
Write less code
Do you really understand HTML
Ajax Request and Browser Cache in Website Construction
Why++[[]] [+[]]+[+[]]=10?
The mentality of website promotion
Research on the unavailability of javascript
What a qualified programmer should do every day, every week, every month, every year
Eight Mistakes in Domain Name Resolution
13 JavaScript errors that developers are most likely to make
Good code is cheap code
How to quickly find the element in the middle of a single linked list with unknown length
8 profit tips that mobile developers should know
15 Things You Should Know About Win 8 RT
What a qualified programmer should do every day, every week, every month, every year
Web.py 0.3 Novice Guide
6 Daliyou makes you like jQuery

Popular comments of the whole site

Solitary Demon Xia
Solitary Demon Xia 2024-09-26 15:48
😍
infoworld
infoworld 2024-09-11 18:00
Thanks, it is your pioneering work that can avoid being monopolized by foreign systems and applications.
I have I can
I have I can 2024-07-09 11:40
The essence of sprayers is to find reasons for their own darkness and inferiority.
-SORA-
-SORA- 2024-09-26 12:49
Simple grammar is not difficult, but it is not so easy to do a big project after engineering
-SORA-
-SORA- 2024-09-26 12:45
Similarly, both the iPhone and IOS are in Cisco's hands
Small and beautiful software development
Small and beautiful software development 2024-09-26 19:45
Ordinary people still use broadband wifi
Outstanding people
Outstanding people 2024-07-10 16:17
Can you lie flat, can you cut leeks, and spend money on research and development? For scolding? Say this can cut leeks? You were cut? Did you buy it? Who changes the mac every year and who changes the iphone every year? Huawei users don't seem to do that, do they? I can't stand it for a Xiaomi user!
y
yiyanxiyin 2024-09-26 11:13
How to say, if we regard C as a tool, it is not difficult to learn how to use it basically, but it can make earth shaking things. It is difficult to do it. C is like a pen that everyone can use, but everyone can write different characters, and the difference is not a matter of a pen
z-zg
z-zg 2024-09-26 13:07
Indeed, it was all the trouble caused by the original bustle. However, with Oracle's cancerous character, it will not be given.
f
fzn0268 2024-09-04 14:26
This is the guy who makes code generator
Wise sermon
Wise sermon 2024-08-13 12:02
No matter who is fighting in Ping'an County, our 358 Regiment will help the field!
Flat wave
Flat wave 2024-09-26 16:11
very good!
Big back
Big back 2024-07-10 14:03
Then the traffic police find the responsible party and call the customer service of the generative AI, which is very powerful
z
zb79463626 2024-08-26 15:51
What research and development does IBM China have? All tests! The so-called people engaged in research and development are all working for the elderly!
two hundred and seventy-nine million seven hundred and seventy-eight thousand three hundred and twenty-five
two hundred and seventy-nine million seven hundred and seventy-eight thousand three hundred and twenty-five 2024-08-16 16:22
It's not easy to have a domestic development platform, but only to belittle it without encouragement, even if the propaganda is exaggerated? So what are you really doing? Why not go to the manufacturer one by one with exaggerated advertising everywhere? Criticize and think about whether you can make one at the same time? Why do we have to be so honest when we add the word "domestic"?
e
exidot 2024-09-26 16:54
I'm really worried if Linux loses Linus and other veteran figures. It is estimated that Linus is also considering the future of Linux by introducing Rust
cyclamenkde
cyclamenkde 2024-09-26 15:25
OpenHarmony based OS, x86 and arm supported
liming0101
liming0101 2024-09-10 09:09
What Naji things, but also touch the porcelain black myth
iCooook
iCooook 2024-09-26 11:21
👏
PynixWang
PynixWang 2024-09-26 14:36
It is suggested to use the digital version instead of the year version. The digital version is convenient for ticket skipping. The year version was very awkward.
Flat wave
Flat wave 2024-09-26 15:02
very good!
Small and beautiful software development
Small and beautiful software development 2024-09-26 19:41
To put it bluntly, I can only indulge myself
geeaks
geeaks 2024-09-26 10:40
HarmonyOS hurry to unify all ends
y
yiyanxiyin 2024-09-26 11:14
How to say, if we regard C language as a tool, it is not difficult to learn how to use it basically, but it can make earth shaking things, which is difficult to do. C language is like a pen, which everyone can use, but everyone writes different characters, and the difference is not a problem of a pen
Small and beautiful software development
Small and beautiful software development 2024-09-26 19:42
This is to sell money with other people's resources. Now all kinds of ai are irregular
Jane Roemer
Jane Roemer 2024-08-12 19:31
Are you connected to the Internet at home? Godson has abandoned MIPS for a long time, and now it is LoongArch. Take a look: https://loongarch.dev/zh-cn/posts/20210501-loongarch-manual/
Strong ice
Strong ice 2024-07-22 08:41
It's better to say that 90% of domestic computers do not have CrowdStrike software installed
Flat wave
Flat wave 2024-09-26 15:07
VERY GOOD!
blue_think
blue_think 2024-08-26 11:00
Don't just talk about Huawei. Tell me about your own abilities, how far you have reached, and what achievements you have made. It's a bit persuasive anyway
dwingo
dwingo 2024-07-18 10:12
It's not that jni and unsafe are not allowed to be used. It's just a "restriction". You can continue to use them as long as you add command line parameters. The purpose is to let users consider the security of the program
Black toothpaste
Black toothpaste 2024-07-21 12:12
A real person is invincible if he has no shame. As long as he is not embarrassed, others are embarrassed.
fastfail
fastfail 2024-09-26 15:00
I didn't learn Rust
Tobyee
Tobyee 2024-07-09 11:04
No GMS is an excuse. In essence, we still don't want to adapt to domestic mobile phone systems. When Hongmeng Next comes out, we can see whether Microsoft will embrace or not
h4cd
h4cd 2024-09-26 10:17
This picture of you 👮
Yanlongli
Yanlongli 2024-07-11 17:28
It reduces the visual complexity and increases the operation complexity.
Flat wave
Flat wave 2024-09-26 15:06
VERY GOOD
Artrener
Artrener 2024-07-21 15:12
It can be seen that he is unhappy and 360 is unhappy, but what others say is the truth. For example, people in the aviation industry also said so.
songdragon
songdragon 2024-08-14 13:11
There are several problems with the conditions for this comparison. 1. Solomon uses smart http and spring uses undertow 2 The automatic configuration of solon startup itself is less than that of spring, which determines the different dimensions of comparison. The reason for better performance is probably due to the dependency of web server and application configuration. If you want to align, you need to use the same web server. The spring application excludes all automatic configurations and only retains what is necessary for the web to explain the performance gap of the framework. Now, this result does not mean that solon itself has good performance.
Azeroth008
Azeroth008 2024-07-09 10:43
It's good to have a self-developed operating system. What's the mentality of those who spray indiscriminately?
0day
0day 2024-07-21 11:52
A rogue should talk about security?
Flat wave
Flat wave 2024-09-26 12:59
I actually have powder, which is really effective; 😂
Small and beautiful software development
Small and beautiful software development 2024-09-26 19:47
I don't know who invented the name and then had to get an internal version number
Flat wave
Flat wave 2024-07-07 16:54
After eating, I smashed the pot, as if it were pure blood. After eating, I wanted to smack the pot of millet, popo and vivo; 😂
t
tsdyy 2024-09-26 11:46
Who asked you to change your name from livescript to javascript in order to rub off the popularity of Java? I have to pay it back.
kushu001
kushu001 2024-08-14 15:24
Why must we emphasize "domestic"? Is it an open source project? If open source, won't you accept the contribution of foreign developers? I'm just curious, can't I promote without "domestic" 😀
HalLi
HalLi 2024-09-09 01:10
Even if ordinary users don't understand it, why don't even programmers understand it? Apple is 30% of the whole platform, and domestic channel service is 50%. Where does the big app like WeChat and Tiao Yin get channel service? Besides games, which app brings channel service.
Qsion
Qsion 2024-09-26 14:39
The crow in the world is black, just choose the one you believe in.
osc_50722289
osc_50722289 2024-09-06 13:51
If Apple doesn't give in and WeChat doesn't give in, it will look good! WeChat goes deep into ordinary people's homes in China! Payment social WeChat is inseparable. If WeChat is not updated on IOS, Apple "doesn't have to mix"
osc_73214294
osc_73214294 2024-09-26 18:02
Next is customized by Huawei based on openharmony. If you say Android is open source, it should correspond to openharmony, which is open source. The customized UIs of various companies will not be open source.
kakai
kakai 2024-09-10 12:23
You don't know anything, but you come here with your mouth open. The reason why the exclusive channel draws high is that there is exclusive channel traffic, which means that the platform is guiding your operation. As long as you collect money, 50% is less, and Apple is guiding you? Give more respect to the apple, it will make you rich.
1km
1km 2024-09-26 14:44
Now AI is getting bigger and bigger
osc_566335
osc_566335 2024-08-01 15:05
"Although they only have college education" - college education is also considered as higher education, is it a level of illiteracy in the mouth of these media now?
osc_73214294
osc_73214294 2024-08-05 10:19
I thought there would be more in-depth comments below the articles on this platform, and there would be many blowers.
My name is Li Gue
My name is Li Gue 2024-09-26 13:53
This is a bit interesting
Small and beautiful software development
Small and beautiful software development 2024-09-26 19:44
That's the same thing. Don't be moral. It's yours to kidnap you
My name is Li Gue
My name is Li Gue 2024-09-26 12:28
Read more and write less
Kevin586
Kevin586 2024-07-29 17:09
If you really want to reduce costs, you still need to change go. Java eats too much memory
o
osc_97949904 2024-09-26 11:19
How to highlight a row in a table in a diagram?
Binx
Binx 2024-09-07 08:28
It's better to increase the Apple tax to 80%, otherwise how can you show your distinguished Apple user identity
kakai
kakai 2024-09-07 10:39
Why did WeChat offend you? In any case, it is beneficial for the Chinese people to let Apple reduce the tax rate in China even if WeChat does it for its own commercial interests. This tax rate is not only for WeChat, but also for Apple. What a stupid and shameful statement!

Hot News

one
The Linux mainline kernel has merged the epic patch 'PREEMPT_RT'
two
Linus, founder of Linux: C is very simple, but easy to make mistakes, while Rust is not
three
Dalian Cisco has been exposed to layoffs of about 300 people, and the compensation plan includes "N+7"
four
JetBrains launched JetBrains AI Assistant in strategic cooperation with Alibaba Cloud, focusing on developers in the Chinese market, and achieving intergenerational improvement in development efficiency
five
Open Source Daily | Here comes the real-time Linux kernel; Dalian Cisco is exposed to layoffs; Huawei will release Hongmeng PC; AI will be open source and decentralized in the future; Post-00 Tsinghua boys challenging GPT; AI products priced up to 1 million yuan
six
Zuckerberg: Leaders of technology companies need to understand technology, otherwise they will not be a technology company
seven
Huawei Hongmeng HarmonyOS NEXT will be publicly tested after National Day
eight
Microsoft optimizes Hyper-V code to shorten startup time
nine
Tencent Releases The Five, the Fifth Generation Robot
ten
Spring Boot 3.4.0-M3 Release

Excellent column

Expert Q&A
Previous period

Advanced developers have a deep understanding of the underlying technical principles of the Linux kernel

How do programmers get started with AI application development?

Talk about Unity and Native Bridging

A daily blog
more

Extreme governance of Baidu search results fluctuation

58 Algorithm Practice in Commercial Search Scenarios

Development history and status quo of 10 database technologies

News delivery
Immediate delivery

Welcome to deliver software and IT industry

Related news.

Recommended attention

Change a batch
waylau
waylau
Article 224
Visit 33.8W
Deng Cao
Deng Cao
Article 33
Access 10K
xiaolyuh
xiaolyuh
Article 160
Access 11.4W
_wwhai
_wwhai
Article 28
Access 6.5K
Liuzh_533
Liuzh_533
Article 21
Access 17.9W

Hot software

Nefarious IDE -Eclipse plug-in in Go language
Apache Continuum -Continuous integration server
date4j -Java date time processing class
BoneCP -Java database connection pool
OProfile -Linux kernel performance analysis
Open Flash Chart -Flash Chart Component
FCKEditor's jQuery plug-in jEditor
QuiteSleep -Mobile phone anti disturbance software
Cosmetic -Integrated operation system of retail service industry
Jazz -IBM Software Development Collaboration Platform
GreenSQL -Database firewall
DWZ -Domestic jQuery UI framework (jUI)
IKExpression -Expression resolution actuator
Sharetronix -Multimedia microblog platform
PHPEclipse -PHP development tools
Drigg -PHP Digg Website System
SearchStatus -SEO toolbar of FireFox
Hibari -Open source NoSQL database engine
Groovy++ -Groovy Plus
MyEnTunnel -SSH client under Windows
five comment
three Collection
share
Back to top
Top