New Cuttlefish Malware Hijacks Router Traffic to Harvest Credentials

News section: Hacking
Source: blackhatethicalhacking.com
A newly discovered malware named ‘Cuttlefish’ has emerged, posing a significant threat to both enterprise-grade and small office/home office (SOHO) routers. Lumen Technologies’ Black Lotus Labs has conducted an in-depth analysis of this malware, revealing its alarming capabilities.

Cuttlefish operates by infiltrating routers and establishing a proxy or VPN tunnel, allowing it to stealthily monitor data passing through the compromised devices. Because it harvests credentials from traffic in transit rather than logging in to the services itself, it sidesteps security measures that typically flag unusual sign-ins.

Furthermore, Cuttlefish can execute DNS and HTTP hijacking within private IP spaces, disrupting internal communications and potentially introducing additional malicious payloads.

While Cuttlefish shares some code similarities with HiatusRat, a malware previously associated with Chinese state interests, no direct links have been established between the two, making attribution challenging.


According to Black Lotus Labs, Cuttlefish has been active since at least July 2023, primarily targeting routers in Turkey. However, isolated infections have also been reported in satellite phone and data center services globally.

Cuttlefish Infection Chain

Cuttlefish infects routers by exploiting vulnerabilities or using brute-force attacks to gain access. Once inside, it deploys a bash script (“s.sh”) to collect host-based data like directory listings and active connections.

The script then downloads and executes the primary Cuttlefish payload (“.timezone”), which operates in memory to avoid detection. Cuttlefish is versatile, with builds supporting various router architectures, making it a significant threat to network security.

[Figure: Infection chain. Source: Black Lotus Labs]

Monitoring Traffic

Cuttlefish monitors traffic by employing a packet filter to track all connections passing through the infected device. It scans for specific data, like usernames, passwords, and tokens associated with cloud-based services, in the intercepted packets. This information is then logged locally and eventually exfiltrated to the attacker’s command and control server.

[Figure: Proxy functionality. Source: Black Lotus Labs]

Evading Detection

To evade detection, Cuttlefish creates a peer-to-peer VPN or proxy tunnel on the compromised device for data transmission. Additionally, it redirects DNS requests and manipulates HTTP traffic to control communication and potentially hijack internal or site-to-site traffic, granting access to secured resources typically inaccessible via the public internet.
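One way a defender can spot the DNS hijacking described above is to compare what the LAN-facing router resolver returns with answers from a trusted out-of-band resolver, and to flag any public hostname that suddenly resolves into private address space. This is an added illustration, not code from the article or from Black Lotus Labs; the resolver answers are constructed sample data and the `.corp.test` internal suffix is an assumption.

```python
import ipaddress

# Constructed sample data (not real captures): what the LAN-facing router
# resolver answered, versus what a trusted out-of-band resolver answered
# for the same names. None means the trusted resolver returned no record.
ROUTER_ANSWERS = {
    "portal.example-cloud.test": ["192.168.1.1"],   # public name answered with the router's LAN address
    "mail.example.test": ["203.0.113.10"],
    "intranet.corp.test": ["10.0.5.20"],            # internal name; a private answer is expected
    "api.example-cloud.test": ["198.51.100.7"],
}
TRUSTED_ANSWERS = {
    "portal.example-cloud.test": ["203.0.113.5"],
    "mail.example.test": ["203.0.113.10"],
    "intranet.corp.test": None,
    "api.example-cloud.test": ["198.51.100.8"],     # differs, but both public: could be GeoDNS
}

# Assumption: names under these suffixes are legitimately served from private space.
INTERNAL_SUFFIXES = (".corp.test",)

# Private/local ranges a public hostname should never resolve to from a SOHO router.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def is_local(addr: str) -> bool:
    """True if the address falls inside RFC 1918, loopback or link-local space."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LOCAL_NETS)

def classify(name: str, router_ips: list, trusted_ips) -> str:
    """Verdict for one hostname, comparing the router's answer with the trusted one."""
    internal = name.endswith(INTERNAL_SUFFIXES)
    if not internal and any(is_local(a) for a in router_ips):
        return "ALERT: public name resolved to a private/local address"
    if trusted_ips is None:
        return "ok" if internal else "WARN: name only resolvable via the local resolver"
    if set(router_ips) != set(trusted_ips):
        return "WARN: answer differs from trusted resolver (verify before trusting)"
    return "ok"

def audit(router_answers: dict, trusted_answers: dict) -> dict:
    """Map each hostname to its verdict."""
    return {name: classify(name, ips, trusted_answers.get(name))
            for name, ips in router_answers.items()}

if __name__ == "__main__":
    for name, verdict in audit(ROUTER_ANSWERS, TRUSTED_ANSWERS).items():
        print(f"{name:28} {verdict}")
```

A mismatch between resolvers is only a warning, since CDNs legitimately hand out different addresses per vantage point; a public name landing on the router's own LAN address is the strong signal.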

[Figure: Cuttlefish operational diagram. Source: Black Lotus Labs]

Protecting from Cuttlefish

To protect against Cuttlefish, Black Lotus Labs recommends eliminating weak credentials, monitoring for unusual logins, securing traffic with TLS/SSL, and inspecting devices for abnormal files.

For SOHO router users, regular rebooting, firmware updates, password changes, and disabling remote access are essential measures to mitigate the risk posed by Cuttlefish.

Source: bleepingcomputer.com
