StrongPity APT Covets Secrets of Crypto Users

Discussion in 'malware problems & news' started by ronjor, Oct 10, 2016.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,770
    Location:
    Texas
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,038
    Location:
    The Netherlands
    Solution:

    Always run apps inside a sandbox while being monitored by HIPS, to see how they behave. :D
     
  3. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    This attack relies 100% on someone downloading programs and not verifying the signatures; e.g. sha512 sums! We post about the importance of doing this to avoid MITM-type hijacks. Apparently, due to their success with distribution, many users are still not protecting themselves in this way.
     
  4. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,068
    Yes, I agree, checksums can prevent this. Sometimes the developer doesn't provide them, so you have to find them for yourself. Also, getting the binary from the developer's site and the checksum from some other site could be safer, in case the developer's site is breached. Does anybody know of a site where checksums for popular software can be found?
     
  5. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    882
    ...or digital signatures. Some people simply execute the file even if there is a big yellow UAC prompt (digital signature is broken).
     
  6. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    I am not sure I would use such a site. Then you are extending "trust" to a third party. My .02

    In addition to security, a major plus to signature verification is that it also demonstrates file integrity. If I pull a 1 Gig file through the pipe, I want to know it's good to go before I deploy it in my system. This has nothing to do with security. How many times has someone fought with their OS only to find out they are using a software package that came through the pipe with errors? Happens all the time, especially on Windows. Using Linux, I generally find the common stuff in the repositories, so digital signatures are automatically confirmed during upgrades, installs, etc. For those outside (special needs stuff), I find the good authors are proud to certify their files with signatures. It shows they care and are performing due diligence for me.
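
Added example, not part of the thread or written by any of its participants: a Python sketch of the check discussed above, hashing a large download in chunks and accepting it only when every separately obtained SHA-512 list agrees. The file name `setup.exe`, the function names and the sample checksum lists are constructed for illustration.

```python
import hashlib
import hmac
import os
import re
import tempfile

def sha512_file(path, chunk_size=1 << 20):
    """Stream the file so a 1 GB download is hashed without loading it into memory."""
    h = hashlib.sha512()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def parse_checksum_list(text):
    """Parse sha512sum-style lines: '<128 hex chars>  name' or '<hex> *name'."""
    digests = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2 or not re.fullmatch(r"[0-9a-fA-F]{128}", parts[0]):
            continue  # skip blank lines, comments and digests of other lengths
        digests[parts[1].lstrip("*")] = parts[0].lower()
    return digests

def verify(path, name, checksum_lists):
    """Return 'ok' only if every supplied list names this file with its actual digest."""
    if not checksum_lists:
        return "unlisted"  # nothing to compare against is never a pass
    actual = sha512_file(path)
    for text in checksum_lists:
        expected = parse_checksum_list(text).get(name)
        if expected is None:
            return "unlisted"
        if not hmac.compare_digest(actual, expected):
            return "mismatch"
    return "ok"

def demo():
    # Constructed sample data: a stand-in installer and two checksum lists.
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "setup.exe")
        with open(path, "wb") as f:
            f.write(b"constructed installer bytes")
        good = f"{sha512_file(path)}  setup.exe\n"
        tampered = f"{'0' * 128} *setup.exe\n"
        return (verify(path, "setup.exe", [good, good]),
                verify(path, "setup.exe", [good, tampered]))

if __name__ == "__main__":
    print(demo())
```

A match shows only that the file equals what the list describes; how far that can be trusted depends on where each list came from, which is the point debated in the posts above.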
     