General Discussion
X-Agent malware
I'm reading the indictment and shudder to think that almost any computer in the world could have this Russian X-Agent malware installed in it. It captures both keystrokes and screenshots.
The blackmail potential is enormous.
How do we protect our (my) privacy?
Geeks, please!
hlthe2b
(102,119 posts)
At that time, Palo Alto tied Komplex to the Sofacy Group, also known by the names Fancy Bear and APT28, among others, a Russian hacking organization that has since been linked to such things as the hack of the Democratic National Convention.
XAgent is a backdoor that provides a number of powerful remote access features, including keylogging, screenshots, remote shell access, and file exfiltration. Of particular interest is a command that provides the hacker with information about iOS backups stored on the infected Mac. iPhones (and other iOS devices) are notoriously difficult to hack, but by targeting backups instead, this malware could access potentially sensitive iPhone data.
Interestingly, Patrick Wardle, Director of Research at Synack, had another interesting revelation about this malware. He shows quite convincingly that the Sofacy Group used code copied from the Hacking Team. (Hacking Team is the creator of the Remote Control System backdoor, which it sells to governments and law enforcement, among other organizations.)
Hacking Team was itself the victim of a hack in 2015, and all their source code was made public. Wardle was able to demonstrate key similarities, such as identical bugs, in the decompiled XAgent code and the leaked Hacking Team code. It appears that Sofacy used Hacking Team code in their malware, most likely obtained from the Hacking Team breach.
According to a whitepaper released by Bitdefender, the malware installs itself into the following folder, where it is given one of a set of hard-coded names:
At the time of its discovery, the XAgent command & control servers were down, meaning that this variant of the malware is no longer a threat.
That said, if you are not routinely updating both Windows and Mac devices and keeping both anti-viral and malware packages up to date, you are vulnerable in general. I spend every early Sunday morning doing so on all iPhones, iPads, and Windows laptops.
superpatriotman
(6,246 posts)
iPads, and iPhones?
Thanks in advance.
hlthe2b
(102,119 posts)
link clicks and attachments. I pick up any email attachments on my PC. For that I use both a comprehensive anti-viral package (varies each time I renew, based on current reviews), the full paid version of Malwarebytes, and I use Adblock Plus on my browsers.
Most people get in trouble (as in this backdoor vulnerability) from NOT updating their operating systems.
MineralMan
(146,254 posts)
that could be used to blackmail you. You're just talking about one malware exploit. There are thousands of them.
Dave Starsky
(5,914 posts)
And think that by deleting them, you're covering your tracks, you are definitely doing it wrong.
MineralMan
(146,254 posts)
The point is that you can't be blackmailed if you aren't doing something that could be used to blackmail you. There's no way anyone could blackmail me over anything. Of that I'm certain. So, while I'd rather nobody was hacking my PC or phone, if they were, they'd find nothing they could use, so they'd move on.
As long as you're connected to the world around you, you're vulnerable to exploits of your technology. So, act right and don't worry about it. Safeguard your financial and personal information and get on with your life. Chances are you won't be a target of anything. I don't know about other people, but I'm not that interesting, really.
Dave Starsky
(5,914 posts)
But you'd be amazed how often people leave "low hanging fruit" (maybe a poor choice of words) out there for others to exploit. Well, no, you wouldn't be surprised. You know.
Then there is the complication that people can live a pristine life without blackmailable behavior and STILL be framed by other people hacking their computers. But, as you say, the chances of that happening are small if you're just an ordinary, insignificant Joe. They are greater if you have some prominence in society.