Hide N Seek is back with a vengeance, adding two new exploits to its menacing family of malware. See how Palo Alto Networks customers are protected. Be sure you're protected, and track the malware family, too. Got Questions? Get Answers here on LIVEcommunity.
Executive Summary
The Hide ‘N Seek botnet was first discovered in January 2018 and is known for its unique use of Peer-to-Peer communication between bots.
Since its discovery, the malware family has seen a couple of upgrades, from the addition of persistence and new exploits, to targeting Android devices via the Android Debug Bridge (ADB).
This post details a variant of the family first seen on the 21st of February 2019, incorporating two new exploits: CVE-2018-20062, which targets ThinkPHP installations, and CVE-2019-7238, a Remote Code Execution (RCE) vulnerability in Sonatype Nexus Repository Manager (NXRM) 3 software installations.
While the ThinkPHP exploit has already been seen employed by several Mirai variants, the only other instance of the CVE-2019-7238 vulnerability being exploited in the wild has been by the DDG botnet. Our research, outlined below, shows that the Hide ‘N Seek botnet incorporated this exploit back in February 2019, even before the DDG botnet.
Technical Analysis
This newest version of the Hide ‘N Seek malware incorporates many of the previously seen features of the malware family, including persistence, the incorporation of exploits, and the targeting of Android devices via ADB.
In addition to exploits previously used by the malware family, this particular version is unique for its use of two new exploits.
Palo Alto Networks customers are protected by:
The malware family can be tracked in AutoFocus using the tag HideNSeek.
Learn more here:
Excerpted from a post by Ruchna Nigam,
Palo Alto Networks Unit 42
While taking aim against the exploits of Hide 'N Seek, be sure to take in the latest cybercrime drama from Netflix, Unit 42. Yep.
Glue yourself to the tube and tell us what you think.
Well, we know who the real Unit 42 is - find them hard at work, protecting our digital way of life here on Twitter: