Narrator just took over my PC

Stefan Mileschin · 29th September 2019, 15:33

I would like, if I may, to take you on a strange journey.

A Chinese advanced persistent threat (APT) group has been attacking tech companies using a trojanised screen-reader.

Replacing the built-in Narrator "Ease of Access" feature in Windows, the attackers also deploy a version of the open-source malware known as the PcShare backdoor to gain an initial foothold into victims' systems. Using the two tools, the adversaries are able to surreptitiously control Windows machines via remote desktop logon screens, without the need for credentials.

The attacks begin by delivering the PcShare backdoor to victims via spearphishing campaigns. It has been modified and designed to operate when side-loaded by a legitimate Nvidia application.

It is "tailored to the needs of the campaign, with additional command-and-control encryption and proxy bypass functionality, and any unused functionality removed from the code", explained researchers with BlackBerry Cylance, in an analysis posted on Wednesday. The unused functionality includes audio/video streaming and keyboard monitoring, suggesting that it's strictly being used to install other malware.

https://fudzilla.com/news/49476-narr...ook-over-my-pc

29th September 2019, 15:33	#1
Stefan Mileschin [M] Reviewer Join Date: May 2010 Location: Romania Posts: 153,575	Narrator just took over my PC I would like, if I may, to take you on a strange journey. A Chinese advanced persistent threat (APT) group has been attacking tech companies using a trojanised screen-reader. Replacing the built-in Narrator "Ease of Access" feature in Windows, the attackers also deploy a version of the open-source malware known as the PcShare backdoor to gain an initial foothold into victims' systems. Using the two tools, the adversaries are able to surreptitiously control Windows machines via remote desktop logon screens, without the need for credentials. The attacks begin by delivering the PcShare backdoor to victims via spearphishing campaigns. It has been modified and designed to operate when side-loaded by a legitimate Nvidia application. It is "tailored to the needs of the campaign, with additional command-and-control encryption and proxy bypass functionality, and any unused functionality removed from the code", explained researchers with BlackBerry Cylance, in an analysis posted on Wednesday. The unused functionality includes audio/video streaming and keyboard monitoring, suggesting that it's strictly being used to install other malware. https://fudzilla.com/news/49476-narr...ook-over-my-pc

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Upcoming Windows 10 accessibility features include Narrator upgrades	Stefan Mileschin	WebNews	0	23rd March 2018 12:24