ASERT recently discovered Lojack agents containing malicious C2s.

Interesting findings by about Computrace/LoJack (UEFI rootkit) malicious activity. We already discussed LoJack low-level details in #BHASIA talk last year (from slide 33). (Alex Matrosov, May 2, 2018)

These hijacked agents pointed to suspected Fancy Bear (a.k.a.
government have both attributed Fancy Bear activity to Russian espionage activity. Fancy Bear actors typically choose geopolitical targets, such as governments and international organizations. They also target industries that do business with such organizations, such as defense contractors. Lojack, formerly known as Computrace, is a legitimate laptop recovery solution used by a number of companies to protect their assets should they be stolen. Lojack makes an excellent double-agent due to appearing as legit software while natively allowing remote code execution. Although the initial intrusion vector for this activity remains unknown, Fancy Bear often utilizes phishing email to deliver payloads.

Wikipedia on LoJack: “Analysis of Computrace by Kaspersky Lab shows that in rare cases, the software was preactivated without user authorization.” The software agent behaves like a rootkit (bootkit), reinstalling a small installer agent into the Windows OS at boot time. This installer later downloads the full agent from Absolute’s servers via the internet.