Skip to main content

Hackers use open source tools to steal usernames and passwords

posted onSeptember 9, 2021
by l33tdawg
IT Pro
Credit: IT Pro

Security researchers have discovered a new campaign by cyber criminal gang TeamTNT that targets multiple operating systems and applications.

Dubbed Chimaera,  this campaign uses multiple shell/batch scripts, new open source tools, a cryptocurrency miner, the TeamTNT IRC bot, and more, according to AT&T Alien Labs. In an investigation of the group's command and control (C&C) server, researchers said the campaign has been running since July this year and is responsible for thousands of infections globally.

Researchers said the hackers are using new, open source tools to steal usernames and passwords from infected machines and targeting various operating systems, including Windows and various Linux distributions, including Alpine (used for containers), AWS, Docker, and Kubernetes. Tools the hackers used include, Masscan and port scanner to search for new infection candidates; bprocesshider for executing their bot directly from memory; 7z to decompress downloaded files; b374k shell, which is a PHP web administrator that can be used to control infected systems;  and Lazagne, an open source tool for multiple web operating systems that collects stored credentials from numerous applications.

Source

Tags

Security

You May Also Like

Recent News

Friday, November 29th

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th