On Tuesday, June 18th, 2024, Rapid7 initiated an investigation into suspicious activity in a customer environment. Their investigation identified that the suspicious behavior was emanating from the installation of Notezilla, a program that allows for the creation of sticky notes on a Windows desktop.
Installers for Notezilla, along with tools called RecentX and Copywhiz, are distributed by the India-based company Conceptworld at the official domain conceptworld[.]com. After analyzing the installation packages for all three programs, Rapid7 discovered that the installers had been trojanized to execute information-stealing malware that has the capability to download and execute additional payloads.
Source: Rapid7
Related:
- GSA proposes new cybersecurity reporting rules for contractors
November 19, 2018
The General Services Administration is proposing new rules shaping how contractors protect government information on the IT systems they manage. Tucked in a Friday Federal Register post detailing the Unified Agenda of Federal Regulatory and Deregulatory Actions, two proposed rules — GSAR Case 2016-G511 and 2016-G515 — call for amending the General Services Administration Acquisition Regulation to include ...
- Critical Infrastructure & Supply Chain Remain Highly Vulnerable to Attacks
October 24, 2018
This week, the National Cyber Security Alliance (NCSA) reminds us that, “our day-to-day life depends on the country’s 16 sectors of critical infrastructure, which supply food, water, financial services, public health, communications and power along with other networks and systems. A disruption to this system, which is operated via the internet, can have significant and even catastrophic ...
- DHS and GCHQ join Amazon and Apple in denying Bloomberg chip hack story
October 8, 2018
Both US and UK intelligence officials have put out statements over the weekend in support of Amazon, Apple, and Supermicro in regards to recent allegations made by Bloomberg in an article published last week. On Thursday, Bloomberg reporters claimed that Chinese intelligence had secretly implanted spy chips inside motherboards used for Supermicro servers that eventually made ...
- Apple, Amazon Strongly Refute Server Infiltration Report
October 4, 2018
An explosive Bloomberg report, if true, would highlight the largest supply chain attack to have been launched against American corporations. Apple and Amazon are strongly refuting a report claiming that Chinese spies infiltrated third-party motherboards used on servers by U.S. companies. If true, the incident would be the largest supply chain attack to have been launched ...
- House Passes Bill Expanding DHS’ Power to Block Risky Contractors from Government Networks
September 5, 2018
The House passed legislation Tuesday that would dramatically broaden the Homeland Security Department’s power to block contractors and subcontractors that officials determine present cybersecurity and national security risks to the department’s technology supply chain. The bill, which is modeled on an authority already granted to the Defense Department, comes after Congress took action in the past ...
- Pentagon Circulates Software ‘Do Not Buy’ List
July 30, 2018
The US Department of Defence has begun circulating a “do not buy” list of software it considers to have Russian and Chinese connections, in the country’s latest tightening of restrictions on foreign tech influence. The Chinese and Russian governments have called previous US restrictions on companies such as Russian security software firm Kaspersky Lab and Chinese telecoms equipment ...