Saturday, May 4, 2024

Akira ransomware emerges among 3 raging cross-platform threats


Kaspersky has warned that three cross-platform threats, the FakeSG campaign, the Akira ransomware and the AMOS macOS stealer, pose major risks as cybercriminals target multiple operating systems, according to an alert by the security company.

Kaspersky’s Global Research and Analysis Team (GReAT) said in its recent report that it had discovered the three cross-platform threats, and it exposes three new strategies being used by cybercriminals.

Cross-platform threats, the security company explained, are malicious attacks that can infect or affect multiple operating systems such as Windows, Linux and macOS. These threats can be delivered through various means such as compromised websites, email attachments and infected software downloads, among others. Once installed, the malware steals sensitive information and can take control of the computer system or the entire network. Each of the threats uncovered by Kaspersky poses significant concerns for cybersecurity.

Image shows ransomware displayed on the computer of a business executive. Image credit: Gencraft.

Cybercrime encompasses illegal or harmful activities involving networks, computers or digital devices. These activities are carried out by cybercriminals who use various tactics: malware (software used to gain access to IT systems to steal data, or to disrupt or damage networks), phishing (tricking people into divulging sensitive information), ransomware and stealers. To counter these threats, cybersecurity companies like Kaspersky develop security tools and services such as antivirus software, firewalls, and intrusion detection and prevention systems in order to protect individuals and organisations from the growing threat of cyber attacks.

FakeSG

This is one of the latest cyber threats discovered by GReAT. Compromised websites detect the victim’s browser and urge them to update it by displaying deceptive browser update notifications. However, instead of a legitimate browser update, a malicious file is downloaded from a constant path (/cdn/wds.min.php), and this malicious software then infiltrates the user’s device. FakeSG can be recognised by its obfuscation and payload-delivery tactics. It covertly runs a series of scripts that connect the infected computer to a remote command-and-control (C2) address. This address is a hidden communication channel between the compromised devices and the attackers’ platform.
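As an added example (not code from Kaspersky’s report or this article), the script below scans proxy-log lines for requests to the constant FakeSG payload path named above; the log format, hostnames and client addresses are constructed for the demonstration.

```python
"""Flag proxy-log requests for the FakeSG payload path reported in the article."""
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constant download path reported for FakeSG (taken from the article).
FAKESG_PATH = "/cdn/wds.min.php"

# Constructed sample log lines in a simplified proxy format:
# <timestamp> <client_ip> <method> <url> <status>
SAMPLE_LOG = """\
2024-05-04T10:01:12Z 10.0.0.21 GET https://news.example.org/ 200
2024-05-04T10:01:13Z 10.0.0.21 GET https://news.example.org/cdn/wds.min.php 200
2024-05-04T10:02:40Z 10.0.0.33 GET https://static.example.net/cdn/wds.min.css 200
2024-05-04T10:03:05Z 10.0.0.45 GET https://blog.example.com/cdn/wds.min.php?x=1 200
2024-05-04T10:04:00Z 10.0.0.21 POST https://update.example.org/api 404
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that don't match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, method, url, status = m.groups()
    return {"ts": ts, "client": client, "method": method, "url": url, "status": int(status)}


def is_fakesg_request(url):
    """Match on the path component only, so a query string cannot hide the indicator."""
    return urlparse(url).path == FAKESG_PATH


def find_fakesg_hits(log_text):
    """Return every parsed record whose URL path equals the FakeSG payload path."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_fakesg_request(rec["url"]):
            rec["host"] = urlparse(rec["url"]).hostname  # the compromised site serving it
            hits.append(rec)
    return hits


def hosts_by_client(hits):
    """Group the serving hosts per internal client, to scope which machines need triage."""
    out = defaultdict(set)
    for h in hits:
        out[h["client"]].add(h["host"])
    return {c: sorted(v) for c, v in out.items()}
```

Run `find_fakesg_hits` over an exported proxy log with the same field order, then `hosts_by_client` gives the client-to-site pairs worth checking first.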

Akira

Akira is a ransomware family discovered by Kaspersky that targets Windows and Linux systems. GReAT’s findings reveal that the Akira malware has “swiftly infected more than 60 organisations globally, targeting retail, consumer goods, and education establishments.” The Akira malware encrypts data on infected computers and renames files by appending the “.akira” extension. According to Business Standard, this malware operates “through a double extortion technique, much like others of its kind, stealing information from victims and then threatening to release it on the dark web if the ransom is not paid,” which mounts pressure on victims to pay the ransom in order to protect their information.

Akira is similar to another ransomware called Conti, which has an identical folder list. Another distinctive feature is its old-school, minimalistic command-and-control (C2) panel, which hardens it against analysis attempts.
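As an added incident-scoping example (not code from Kaspersky or the article), the script below walks a directory tree for files carrying the appended “.akira” extension described above and reports per-directory counts plus the modification-time window, which gives a rough estimate of when encryption ran; the sample share layout and timestamps are constructed.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

AKIRA_EXT = ".akira"  # extension the article reports Akira appends to encrypted files


def scan_for_akira(root):
    # Walk root; return per-directory counts and earliest/latest mtime of *.akira files.
    per_dir = Counter()
    first = last = None
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(AKIRA_EXT):
                continue
            per_dir[dirpath] += 1
            try:
                mtime = os.stat(os.path.join(dirpath, name)).st_mtime
            except OSError:
                continue  # vanished or unreadable; still counted as affected
            first = mtime if first is None else min(first, mtime)
            last = mtime if last is None else max(last, mtime)
    return per_dir, first, last


def report(root):
    # Summarise: total hits, directories ordered by impact, and the mtime window
    # (an estimate only; mtimes can be altered and are not a forensic timeline).
    per_dir, first, last = scan_for_akira(root)
    total = sum(per_dir.values())
    if total == 0:
        return {"total": 0, "dirs": {}, "window": None}
    iso = lambda t: datetime.fromtimestamp(t, tz=timezone.utc).isoformat()
    return {"total": total, "dirs": dict(per_dir.most_common()), "window": (iso(first), iso(last))}


def make_sample_tree():
    # Constructed sample share layout with back-dated mtimes (2024-05-04 10:00 UTC onward).
    root = tempfile.mkdtemp(prefix="akira_demo_")
    t0 = 1714816800  # 2024-05-04T10:00:00Z
    layout = {
        "finance/q1.xlsx.akira": t0,
        "finance/q2.xlsx.akira": t0 + 120,
        "hr/policy.docx.akira": t0 + 600,
        "public/readme.txt": t0 - 86400,  # untouched file, must not be counted
    }
    for rel, mtime in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "wb").close()
        os.utime(path, (mtime, mtime))
    return root
```

Call `report("/path/to/share")` on a mounted copy of the affected share, or `report(make_sample_tree())` to see the output shape on the constructed sample.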

AMOS 

This malware is also known as the Atomic macOS Stealer (AMOS). Classified as a stealer, it targets macOS systems and collects information from infected devices. AMOS surfaced in April 2023 and “initially sold for US$1,000/month on Telegram, and evolved from Go to C, deploying malvertising on cloned software sites.”

According to PC Risk, this malware first uses a social engineering technique to display a “fake pop-up window requesting access to System Preferences and prompting the user to enter their password.” The malware goes on to extract device data, collect data from Keychain (the Mac password manager), steal information from browsers, and target crypto wallets. The data collected is transmitted to the command-and-control server, which utilises a “unique UUID for identification.”

Commenting on these new cross-platform threats, Jornt van der Wiel, senior security researcher at GReAT, urges that “adapting to the dynamic landscape of cyber threats is paramount to safeguarding our digital environments. The emergence of this new crimeware, coupled with the non-standard methods cybercriminals employ across diverse operating systems, underscores the urgency for vigilance and innovation in detection. Staying one step ahead requires a collective effort, emphasising the crucial role of continuous research and collaboration to fortify our defenses against evolving cyber threats.”

Kaspersky: Recommended tips to prevent financially-motivated threats

Set up offline backups that intruders cannot tamper with, and make sure you can access them quickly in an emergency.
Install ransomware protection for all endpoints. The free Kaspersky Anti-Ransomware Tool for Business shields computers and servers from ransomware and other types of malware, prevents exploits, and is compatible with pre-installed security solutions.
To minimise the likelihood of crypto-miners being launched, use a dedicated security solution such as Kaspersky Endpoint Security for Business with application and web control; behaviour analysis helps users detect malicious activity quickly, while the vulnerability and patch manager protects devices from crypto-miners that exploit vulnerabilities.

Cyber security threats are constantly evolving, and as such, protecting one’s devices from malicious attacks is of utmost importance, the company said.
