Novidade Exploit Kit Actively Targeting SOHO and Home Routers
#1
Quote:Trend Micro's security researchers discovered multiple campaigns during September and October that wielded the Novidade exploit kit capable of changing Domain Name System (DNS) settings on home and SOHO routers with the help of cross-site request forgery (CSRF) attacks.

The attackers employ this the exploit kit to attack victims using both desktop and mobile devices, with the vast majority of malware campaigns that utilized it targeting banking credentials of Brazillian customers.

Novidade can exfiltrate banking info from its targets by changing vulnerable routers' DNS settings to those of maliciously configured servers controlled by its masters, allowing them to carry out pharming attacks on all devices connected to the compromised router.

As discovered by Trend Micro
, the first Novidade samples were unearthed during August 2017, with two separate strains spotted in the wild until now while being used in multiple campaigns.

This leads to the conclusion that the exploit kit has either been sold or shared between multiple threat groups, or that its source code has been inadvertently leaked and modified by other groups to suit their needs and, subsequently, being added to their toolset.

Source: https://news.softpedia.com/news/new-novi...4230.shtml
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
QOwnNotes 19.1.6
24.12.4 The wel...Kool — 12:56
INTEL Arc Graphics 32.0.101.6325/6253 dr...
Highlights Fix...harlan4096 — 11:06
GFYI [Official] Revo Uninstaller Pro v5...
"Share feedback...damien76 — 09:01
GFYI [Official] SpyShelter PRO v15 Chri...
Merry Christmas and ...damien76 — 08:56
GFYI [Official] IObit Christmas 2024 Bl...
Merry Christmas and ...damien76 — 08:54

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>