There's a new variant in the wild of the infamous Lojax (aka Double-Agent) malware. It has been discovered by the Cybaze ZLab – Yoroi cyber security experts. It's the latest version of the well-known rootkit Double-Agent, previously analyzed by ESET researchers. Russian state-sponsored hackers of APT28 (aka Sednit, Fancy Bear, Pawn Storm, Sofacy and STRONTIUM) are using it to target government organizations in the Balkans and in Central and Eastern Europe, using different components of the malicious code.

According to Security Affairs, the behaviour of the new variant seems to be similar to the previous versions: it exploits the legitimate "Absolute Lojack" software to gain persistence on the infected system. Lojack is an anti-theft and localization software developed by Absolute Software Corporation, and it is pre-installed in the BIOS image of several Lenovo, HP, Dell, Fujitsu, Panasonic, Toshiba, and Asus machines. In the past, this software was known as "Computrace".

Despite its legitimate purposes, the Absolute Lojack software acts like a rootkit (more precisely, a bootkit): its BIOS component forces the writing of a small agent named "rpcnetp.exe" into the system folder. The agent periodically contacts the Absolute server and sends it the machine's current position.

When it starts, the malware copies itself into a new DLL: the resulting file is identical to the original one, except for some header flags. After this, the malicious code searches for some components belonging to the legitimate software, which should already be installed on the machine, and tries to establish a connection with them via an RPC channel. If the Absolute Lojack components are not found, the malware kills itself.

Yoroi stated in its blog that the C2 address used by the malicious code has been unknown to the community and to the threat intelligence platforms until now.