Author Topic: Hackers are more and more "sophisticated" or better.....  (Read 1692 times)

Offline prodex

  • Comodo's Hero
  • *****
  • Posts: 591
Hackers are more and more "sophisticated" or better.....
« on: May 26, 2021, 12:52:59 AM »
....live at the expense of others


This malware (CacheFlow) is a chameleon.

It checks other add-ons, deactivates itself so as not to be detected, activates itself three days after installation (undetected) and can thus see all activities and also carry out consents.

Look there, for example.

Cloaking with the help of Google Analytics.

The worst thing is that this malware downloads personal data before encrypting your data to suppress you; otherwise it uploads your data to the Internet, making it worthless to restore a backup.

So be careful with your personal data. I use safes and external storage for it. But I am surely telling nothing new when I do so.
« Last Edit: July 01, 2021, 05:34:24 AM by prodex »

Offline prodex

  • Comodo's Hero
  • *****
  • Posts: 591
Re: Hackers are more and more "sophisticated" or better.....
« Reply #1 on: July 01, 2021, 04:27:12 AM »
I have those exe files (attachment 3.jpg), but they are not on my hard disk:

https://decoded.avast.io/janvojtesek/backdoored-browser-extensions-hid-malicious-traffic-in-analytics-requests/

Quote
We initially learned about this campaign by reading a Czech blog post by Edvard Rejthar from CZ.NIC. He discovered that the Chrome extension "Video Downloader for FaceBook™" (ID pfnmibjifkhhblmdmaocfohebdpfppkf) was stealthily loading an obfuscated piece of JavaScript that had nothing to do with the extension's advertised functionality. Continuing from his findings, we managed to find many other extensions that were doing the same thing. These other extensions offered various legitimate functionality, with many of them being video downloaders for popular social media platforms.

ig tries to start when I've loaded Malwarebytes, but I don't allow it to run. Malwarebytes still runs, and it doesn't find any malicious software (sneaky backdoor software?), and no other software finds anything. ig is said to belong to Malwarebytes (?):

Quote
https://www.freefixer.com/library/file/ig.exe-300035/
What is ig.exe? - FreeFixer
What is ig.exe? ... ig.exe is part of Malwarebytes Scanner and developed by MalwareBytes according to the ig.exe version information. ... ig.exe is digitally signed by ... 

Quote
https://forums.malwarebytes.com/topic/254313-malwarebytes-creates-multiple-ig-exe/
Malwarebytes creates multiple ig exe - Malwarebytes for Windows ...
2 Dec 2019 ... I found another thread which says IG is part of the new scan engine in Malwarebytes version 4 but why ... ID:1348374 ... As noted above, the ig-*.exe files are only temporary copies of the base ig.exe; used during scanning ...

LiquidTension (Malwarebytes Staff), ID:1348398, posted December 2, 2019:
Hi spinoxin,

Please refer to the following post: https://forums.malwarebytes.com/topic/254241-new-instances-of-igexe-constantly-needs-whitelisting/?do=findComment&comment=1348390

As noted above, the ig-*.exe files are only temporary copies of the base ig.exe; used during scanning and as part of on-execution protection provided by the Malware Protection component. If you use the 'Quit Malwarebytes' option and look inside the installation folder (%programfiles%\Malwarebytes\Anti-Malware by default), you will only see a single ig.exe.


but ---> attachment 2.jpg from the above link



Comodo's advice: Only run it if it belongs to your daily programs (or if you trust it ... or so). We do not advise so.
« Last Edit: July 01, 2021, 09:59:59 AM by prodex »
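The Avast write-up quoted above identifies the backdoored extensions by their 32-character extension ID. The script below is an added example for this thread, not code from the original post, Avast or Comodo: it walks a Chromium profile's Extensions folder offline, lists every installed extension version from its manifest.json, and flags two things, an ID that appears on a blocklist and a manifest that combines broad host access with the webRequest permission. The blocklist contains only the one ID named in the Avast quote; the three sample extensions, their manifests and the temporary profile layout are constructed here for a dry run, and the profile path you would actually point it at is your own.

```python
"""Offline audit of a Chromium extensions directory (added example).

Assumed on-disk layout (matches Chrome/Comodo Dragon profiles):
<profile>/Extensions/<32-char id>/<version>/manifest.json
"""
import json
import tempfile
from pathlib import Path

# Constructed blocklist: the single ID quoted from the Avast post above.
BLOCKLISTED_IDS = {
    "pfnmibjifkhhblmdmaocfohebdpfppkf",  # "Video Downloader for FaceBook"
}

# Host patterns that grant an extension access to every site.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def audit_extensions(profile_dir):
    """Return one finding dict per installed extension version."""
    findings = []
    ext_root = Path(profile_dir) / "Extensions"
    if not ext_root.is_dir():
        return findings
    for ext_id_dir in sorted(ext_root.iterdir()):
        ext_id = ext_id_dir.name
        # Chrome extension IDs are 32 characters drawn from a-p only.
        if len(ext_id) != 32 or not all("a" <= c <= "p" for c in ext_id):
            continue
        for version_dir in sorted(ext_id_dir.iterdir()):
            manifest_path = version_dir / "manifest.json"
            if not manifest_path.is_file():
                continue
            # utf-8-sig tolerates the BOM some shipped manifests carry.
            with open(manifest_path, encoding="utf-8-sig") as fh:
                manifest = json.load(fh)
            perms = set(manifest.get("permissions", []))
            # MV2 puts host patterns in permissions, MV3 in host_permissions;
            # content_scripts "matches" also grant site access.
            hosts = set(manifest.get("host_permissions", [])) | perms
            for cs in manifest.get("content_scripts", []):
                hosts |= set(cs.get("matches", []))
            reasons = []
            if ext_id in BLOCKLISTED_IDS:
                reasons.append("id on blocklist")
            if hosts & BROAD_HOSTS and "webRequest" in perms:
                reasons.append("broad host access + webRequest")
            findings.append({
                "id": ext_id,
                "name": manifest.get("name", "?"),
                "version": manifest.get("version", version_dir.name),
                "reasons": reasons,
            })
    return findings


def flagged_ids(profile_dir):
    """Sorted IDs of extensions with at least one finding, for quick triage."""
    return sorted(f["id"] for f in audit_extensions(profile_dir) if f["reasons"])


def build_sample_profile():
    """Constructed sample profile with three extensions (not real data)."""
    root = Path(tempfile.mkdtemp())
    samples = {
        # ID from the Avast quote; manifest contents are invented here.
        "pfnmibjifkhhblmdmaocfohebdpfppkf": {
            "name": "Video Downloader for FaceBook", "version": "1.2",
            "permissions": ["tabs", "<all_urls>"],
        },
        # Invented: a legitimate-looking but very powerful extension.
        "abcdefghijklmnopabcdefghijklmnop": {
            "name": "Sample Blocker", "version": "3.0",
            "permissions": ["webRequest", "webRequestBlocking"],
            "host_permissions": ["<all_urls>"],
        },
        # Invented: narrowly scoped, should produce no finding.
        "a" * 32: {
            "name": "Harmless Notes", "version": "0.1",
            "permissions": ["storage"],
        },
    }
    for ext_id, manifest in samples.items():
        d = root / "Extensions" / ext_id / (manifest["version"] + "_0")
        d.mkdir(parents=True)
        (d / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root


if __name__ == "__main__":
    # Real use: pass your own profile directory, for example
    # %LOCALAPPDATA%\Google\Chrome\User Data\Default on Windows.
    profile = build_sample_profile()
    for f in audit_extensions(profile):
        status = ", ".join(f["reasons"]) or "no finding"
        print(f"{f['id']}  {f['name']} {f['version']}: {status}")
```

The permission heuristic is deliberately coarse: a blocker or privacy extension legitimately needs webRequest on all sites, so a hit there means "look at this one", not "malicious". The blocklist match is the only hard signal, and it only helps for IDs already published, which is exactly the limitation the Avast post describes when it says the extensions stayed unnoticed for years.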

Offline prodex

  • Comodo's Hero
  • *****
  • Posts: 591
Re: Hackers are more and more "sophisticated" or better.....
« Reply #2 on: July 01, 2021, 09:10:58 AM »
today:

14:59 MZ

Online Security Pro: Warning: Unsafe website blocked (go back to safety (recommended)

ffjgpapimgnmibnacmeilgjefnoofefp :

- chrome-extension://ffjgpapimgnmibnacmeilgjefnoofefp/warning/alert.html?type=Phishing&targeturl=https://www.bavariadirekt.de/versicherungen/haftpflicht-versicherung/privat-haftpflicht-versicherung/komfort-m/?utm_source=financeads&utm_medium=affiliate&utm_campaign=FinanceAds_35375&utm_term=542316424X35375C108027602T&utm_content=Werbemittel_27602&s_id=542316424X35375C108027602T

I opened a safe website of an insurance company. Suddenly, after closing this website and opening it once more, I got this warning.

Thanks to Comodo and staff!

Could any of the staff look at the log files (from the Malwarebytes support tool)? I'll send them by personal message. Would be nice!
« Last Edit: July 01, 2021, 09:56:24 AM by prodex »

Offline prodex

  • Comodo's Hero
  • *****
  • Posts: 591
Re: Hackers are more and more "sophisticated" or better.....
« Reply #3 on: July 01, 2021, 04:34:54 PM »
Sorry, I'll upload the log-files in forums.malwarebytes.com
« Last Edit: July 01, 2021, 04:45:59 PM by prodex »

Offline jay2007tech

  • Malware Research Group
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2307
Re: Hackers are more and more "sophisticated" or better.....
« Reply #4 on: July 01, 2021, 05:17:54 PM »
Maybe PM meldan

or

https://forums.comodo.com/av-false-positivenegative-detection-reporting/submit-malware-here-to-be-blacklisted-2021-no-live-malware-t126700.390.html
Sounds creepy. Can you upload it to virustotal.com after you have cleared the Comodo sandbox and blocked it with HIPS? Did Comodo KillSwitch show anything unusual or any new unknown files?
It's hard being a crooked Admin when the files won't pass an md5checksum test.  But like any other good crooked Admin it can be done, it just takes time(and lots of it) and a few aspirins

Offline prodex

  • Comodo's Hero
  • *****
  • Posts: 591
Re: Hackers are more and more "sophisticated" or better.....
« Reply #5 on: July 01, 2021, 11:29:41 PM »
It really seems to belong to malwarebytes:

https://forums.malwarebytes.com/topic/273619-igexe-igdump-what-are-these-used-for/?tab=comments#comment-1454081

I agree with you: sounds creepy.

There are many unknown files, but opening their properties they belong to Comodo Dragon, Windows and so on. I'll clear the sandbox etc. and will report.

Thank you.

So, these two are always available, belonging to memory compression (attachment 7.jpg).

But before cleaning the sandbox there were many of them (e.g. attachments 4 and 6).

I'll uninstall Malwarebytes to see if the "ig.exe" appears once more.

I just opened Malwarebytes and started scanning; in KillSwitch ig.exe appears in red and is closed again very quickly.

This folder does not exist: C:\Users\xxxx\AppData\LocalLow\IGDump\bxmjealphsczzvfimowvrhhalfiyqfnh\ig.exe, and neither Valkyrie nor VirusTotal can find the file.
« Last Edit: July 02, 2021, 12:39:28 AM by prodex »

Offline jay2007tech

  • Malware Research Group
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2307
Re: Hackers are more and more "sophisticated" or better.....
« Reply #6 on: July 02, 2021, 08:34:34 PM »
Based on your pictures, I get the same unknown file types, like .exe.mui, .pak, .nls, and so on. Here's a picture of mine from killshot for Comodo Dragon.

Offline prodex

  • Comodo's Hero
  • *****
  • Posts: 591
Re: Hackers are more and more "sophisticated" or better.....
« Reply #7 on: July 03, 2021, 12:19:33 PM »
HitmanPro, Malwarebytes, Comodo, AdwCleaner: none of them found any suspicious items on my PC.
I installed Malwarebytes again; so far no ig.exe.

Offline jay2007tech

  • Malware Research Group
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2307
Re: Hackers are more and more "sophisticated" or better.....
« Reply #8 on: July 03, 2021, 05:31:15 PM »
If you are still running into issues (computer slowing down, BSoD, and so on), or if you're not sure, using this program will help narrow down your problem.

Farbar Recovery Scan Tool Download <---- I recommend saving it to the desktop; that way the 2 log files will go there. One is called FRST.txt and the other is called Addition.txt
https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Offline prodex

  • Comodo's Hero
  • *****
  • Posts: 591
Re: Hackers are more and more "sophisticated" or better.....
« Reply #9 on: July 06, 2021, 12:16:43 PM »
Thank you. Nearly everything is o.k. but BSoD again.

Offline jay2007tech

  • Malware Research Group
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2307
Re: Hackers are more and more "sophisticated" or better.....
« Reply #10 on: July 06, 2021, 01:52:06 PM »
Quote
but BSoD again.
That's not acceptable. Can you post it in the bug reports section? If they can fix it, they will probably give you a patch for your machine so you don't have to wait for the next version to come out with the fix. Just an idea.

https://forums.comodo.com/bug-reports-cis-b132.0/

I'm glad nearly everything is almost O.K.

Offline kyl

  • Comodo's Hero
  • *****
  • Posts: 276
Re: Hackers are more and more "sophisticated" or better.....
« Reply #11 on: July 06, 2021, 10:29:47 PM »
Very curious about these browser extensions: does CFW have anything to do with them, or is it Chrome's responsibility?
No test or demonstration. Is CFW able to block such things?

[at]our beloved sister

Offline prodex

  • Comodo's Hero
  • *****
  • Posts: 591
Re: Hackers are more and more "sophisticated" or better.....
« Reply #12 on: July 07, 2021, 05:13:24 AM »
Quote
That's not acceptable.

It "only" happens when restoring the container.
