Thursday, September 30, 2021

This malware pretends to be Amnesty International protection from Pegasus

Security researchers from Cisco Talos have discovered a new malware campaign in which cybercriminals are impersonating the human rights group Amnesty International.

According to a new blog post, the campaign is targeting those concerned about falling victim to the Pegasus spyware which was created by the NSO Group and distributed to authoritarian governments around the world to keep tabs on international journalists and activists.

Now though, cybercriminals have created a fake website impersonating the official site of Amnesty International which provides an antivirus tool that they claim can be used to protect against Pegasus. 

While potential victims believe the software can help protect their privacy and keep them safe online, it actually installs a little-known malware called Sarwent.

Sarwent malware

The Sarwent malware can create a backdoor on a victim's system but it can also activate remote desktop protocol which would allow an attacker to access a user's desktop directly. 

Due to the recent headlines regarding the Pegasus spyware, Cisco Talos believes that this campaign has the potential to infect many users. In fact, Apple also recently pushed out a security update for iOS that patched a vulnerability attackers had been exploiting to install Pegasus which led to even more people becoming aware of the spyware's existence.

Sarwent differs from other information stealers due to the fact that it has a look and feel similar to other antivirus software. It can exfiltrate any kind of data from a victim's computer but it also provides an attacker with the means to upload and execute other malicious tools as well.

Thankfully though, Cisco Talos has not yet observed any malicious advertisements or phishing campaigns being used to promote the fake Amnesty International website that distributes Sarwent. Still though, users should be on the lookout for the “Amnesty Anti Pegasus” software called “AVPegasus” and as always, they should avoid downloading and installing software from unknown sources online.



from TechRadar - All the latest technology news https://ift.tt/39VpnNK

No comments:

Post a Comment

Fake DocuSign emails are targeting some top US contractors

Fraudsters are impersonating US Government agencies Victims are encouraged to renew fake contracts using DocuSign Attacks have spiked a...