Hackers distribute malicious Win10 ISO images and steal cryptocurrency by hiding malware in the EFI partition

2025-02-22 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)11/24 Report--

CTOnews.com, June 14: Dr. Web, a network security company, recently published a blog post warning users not to download slimmed-down or pirated Win10 ISO images from untrusted channels.

The company recently found that attackers are distributing Win10 ISO images and hiding mining code in the EFI (Extensible Firmware Interface) partition to evade antivirus monitoring.

CTOnews.com note: the EFI partition is a small system partition that contains boot loaders and related files that are executed before the operating system starts. Mainstream antivirus software does not scan EFI partitions, so malware placed there can evade detection.

These malicious Win10 ISO images contain the following malicious applications:

\Windows\Installer\iscsicli.exe (dropper)

\Windows\Installer\recovery.exe (injector)

\Windows\Installer\kd_08_5e78.dll (clipper)
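The three paths listed above can be checked against an image or disk mounted read-only on an analysis machine. The following is an added example, not code from Dr. Web or from the original article; the function names are hypothetical and the sample tree is constructed. It resolves each path case-insensitively, because a Linux mount will not do that for you, and returns the size and SHA-256 of each hit for triage.

```python
import hashlib
import os
import tempfile

# Paths reported on this page, relative to the root of the Windows volume.
IOC_PATHS = [
    r"\Windows\Installer\iscsicli.exe",    # dropper
    r"\Windows\Installer\recovery.exe",    # injector
    r"\Windows\Installer\kd_08_5e78.dll",  # clipper
]

def resolve_nocase(root, win_path):
    """Resolve a Windows path under root, matching every component
    case-insensitively, as Windows itself would."""
    current = root
    for part in win_path.strip("\\").split("\\"):
        try:
            entries = os.listdir(current)
        except OSError:  # missing, unreadable, or not a directory
            return None
        match = next((e for e in entries if e.lower() == part.lower()), None)
        if match is None:
            return None
        current = os.path.join(current, match)
    return current if os.path.isfile(current) else None

def find_iocs(root):
    """Return [(ioc_path, real_path, size, sha256)] for every listed path present."""
    hits = []
    for ioc in IOC_PATHS:
        real = resolve_nocase(root, ioc)
        if real:
            with open(real, "rb") as fh:
                data = fh.read()
            hits.append((ioc, real, len(data), hashlib.sha256(data).hexdigest()))
    return hits

def demo():
    """Constructed sample tree: one listed name in odd casing plus a benign file."""
    with tempfile.TemporaryDirectory() as root:
        inst = os.path.join(root, "WINDOWS", "installer")
        os.makedirs(inst)
        for name in ("ISCSICLI.EXE", "setup.msi"):
            with open(os.path.join(inst, name), "wb") as fh:
                fh.write(b"constructed sample")
        return [hit[0] for hit in find_iocs(root)]

if __name__ == "__main__":
    print(demo())
```

A hit on a file name alone is a lead, not a verdict; compare the reported hash with the indicators the vendor publishes before acting on it.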

Once a device is infected, the malware watches for the process resource manager, task manager, process monitor and other such processes, and as soon as it finds a cryptocurrency wallet address in the clipboard, it immediately replaces it with an address preset by the attacker.

Dr. Web said it investigated the cryptocurrency wallet address that transfers were redirected to and found that the wallet account contained at least $19,000 worth of cryptocurrency (CTOnews.com note: currently about 136,000 yuan).

The company lists several malicious Win10 ISO images, but notes that many more such images are actually in circulation:

Windows 10 Pro 22H2 19045.2728 + Office 2021 x64 by BoJlIIIebnik RU.iso

Windows 10 Pro 22H2 19045.2846 + Office 2021 x64 by BoJlIIIebnik RU.iso

Windows 10 Pro 22H2 19045.2846 x64 by BoJlIIIebnik RU.iso

Windows 10 Pro 22H2 19045.2913 + Office 2021 x64 by BoJlIIIebnik [RU, EN].iso

Windows 10 Pro 22H2 19045.2913 x64 by BoJlIIIebnik [RU, EN].iso
