StrongPity's summer watering-holes trap a thousand users in search of encryption

Updated: Oct 13, 2016 17:40 IST      

New Delhi [India], Oct. 13 (ANI): A stealthy threat actor known as StrongPity has spent the summer luring users of encryption software to its watering holes and infected installers, according to a paper presented at Virus Bulletin by Kaspersky Lab security researcher Kurt Baumgartner.

Users in Italy and Belgium were hardest hit, but people in Turkey, North Africa and the Middle East were also affected.

StrongPity is a technically capable APT interested in encrypted data and communications. Over the last few months, Kaspersky Lab has observed a significant escalation in its attacks on users looking for two respected encryption tools: WinRAR document and TrueCrypt system encryption.

The StrongPity malware includes components that give the attackers complete control of the victim's system, enable them to steal disk contents, and let them download additional modules to gather communications and contacts.

Kaspersky Lab has so far detected visits to StrongPity sites and the presence of StrongPity components across more than a thousand target systems.

To trap victims, the attackers built fraudulent websites. In one instance, they transposed two letters in a domain name to fool customers into thinking it was a legitimate installer site for WinRAR software. They then placed a prominent link to this malicious domain on a WinRAR distributor site in Belgium in order to lead unsuspecting users to their poisoned installer.
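A defensive check for the letter-transposition trick described above, generalised to any single-character edit of a known download host. This is an added example, not code from Kaspersky Lab or the original article; the allow-list and every hostname in it are constructed placeholders.

```python
from typing import Optional, Tuple

# Hypothetical allow-list of official download hosts (constructed placeholders,
# not the real vendor domains and not the domains StrongPity registered).
TRUSTED = {"archiver-example.test", "diskcrypt-example.test"}

def is_transposition(good: str, seen: str) -> bool:
    """True when `seen` is `good` with exactly one adjacent pair swapped."""
    if len(good) != len(seen):
        return False
    diff = [i for i, (x, y) in enumerate(zip(good, seen)) if x != y]
    return (len(diff) == 2 and diff[1] == diff[0] + 1
            and good[diff[0]] == seen[diff[1]]
            and good[diff[1]] == seen[diff[0]])

def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment: insert, delete, substitute, adjacent swap."""
    prev2, prev = [], list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1,
                         prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[-1]

def classify(host: str) -> Tuple[str, Optional[str]]:
    """Return (verdict, trusted host it imitates) for a download hostname."""
    host = host.strip().rstrip(".").lower()
    if host in TRUSTED:
        return ("trusted", host)
    for good in sorted(TRUSTED):
        if is_transposition(good, host):
            return ("transposition", good)
    for good in sorted(TRUSTED):
        if osa_distance(good, host) == 1:
            return ("near-miss", good)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample hostnames, e.g. pulled from proxy or DNS logs.
    for h in ["archiver-example.test", "archvier-example.test",
              "diskcrypt-exampl.test", "unrelated.test"]:
        print(h, classify(h))
```

A "transposition" or "near-miss" verdict is a reason to block or review the download; "unknown" only means the host resembles nothing on the allow-list.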

Kaspersky Lab first detected a successful redirection on May 28th, 2016.

At almost the same time, on May 24th, Kaspersky Lab began to spot activity on an Italian WinRAR distributor site. In this instance, however, users were not redirected to a fraudulent website, but were served the malicious StrongPity installer directly from the distributor site.

StrongPity also directed visitors from popular software-sharing sites to its trojanized TrueCrypt installers. This activity was still ongoing at the end of September.

The malicious links from the WinRAR distributor sites have now been removed, but at the end of September the fraudulent TrueCrypt site was still up.

Kaspersky Lab data reveals that in the course of a single week, malware delivered from the distributor site in Italy appeared on hundreds of systems throughout Europe and Northern Africa/Middle East, with many more infections likely. Over the entire summer, Italy (87%), Belgium (5%) and Algeria (4%) were most affected. The victim geography from the infected site in Belgium was similar, with users in Belgium accounting for half (54%) of more than 60 successful hits.

Attacks on users through the fraudulent TrueCrypt site ramped up in May 2016, with 95% of victims located in Turkey.

"The techniques employed by this threat actor are quite clever. They resemble the approach undertaken in early 2014 by the Crouching Yeti/Energetic Bear APT, which involved trojanizing legitimate IT software installers for industrial control systems and compromising genuine distribution sites. These tactics are an unwelcome and dangerous trend that the security industry needs to address. The search for privacy and data integrity should not expose an individual to offensive waterhole damage. Waterhole attacks are inherently imprecise, and we hope to spur discussion around the need for easier and improved verification of encryption tool delivery," said Kurt Baumgartner, Principal Security Researcher, Kaspersky Lab.

Kaspersky Lab detects all StrongPity components as HEUR:Trojan.Win32.StrongPity.gen and Trojan.Win32.StrongPity.*, as well as under other generic detections.

To learn more about the StrongPity watering hole attacks, read the blog on Securelist.com. (ANI)
