Backdoor Uses Socket.io for Bi-directional Communication

guest · Jun 6, 2018

Backdoor Uses Socket.io for Bi-directional Communication
A recently discovered remote access Trojan is using a specialized program library that allows operators to interact with the infected machines directly, without an initial “beacon” message, G Data reports.
June 6, 2018
https://www.securityweek.com/backdoor-uses-socketio-bi-directional-communication

Dubbed SocketPlayer, the backdoor stands out because it doesn’t use the typical one-way communication system that most banking Trojans, backdoors, and keyloggers use. Instead, it employs the socket.io library, which enables real-time, bi-directional communication between applications.

Because of this feature, the malware handler no longer has to wait for the infected machine to initiate communication, and the malware operator can contact the compromised computer on their own.

It also downloads another executable, which in turn downloads SocketPlayer, decrypts it, and runs it in memory.
The security researchers also noticed that the two variants of the backdoor went through a series of changes between samples, such as the use of a new command and control port, new file locations, different information sent in the initial routine, new commands added to the server, and new functionality included in the malware.
Click to expand...

Rasheed187 · Jun 9, 2018

I don't get it, what's so special about this. Any firewall should be able to block this, no?

Log in or Sign up

Backdoor Uses Socket.io for Bi-directional Communication

guest Guest

Rasheed187 Registered Member

Log in or Sign up

Backdoor Uses Socket.io for Bi-directional Communication

guest Guest

Rasheed187 Registered Member

Useful Searches