dcsimg
June 21, 2018
Hot Topics:

Cyberattack Exploits Software Update Process

  • May 5, 2017
  • By Developer.com Staff

Microsoft is warning software developers and their customers about a cyberespionage campaign that delivers malware when enterprises update their applications. Called WilySupply, the campaign makes use of open source penetration tools like Evil Grade and Meterpreter and installs an "unsigned, low-prevalence executable" alongside legitimate software updates. "The downloaded executable turned out to be a malicious binary that launched PowerShell scripts bundled with the Meterpreter reverse shell, which granted the remote attacker silent control. The binary is detected by Microsoft as Rivit," Microsoft explained.

According to the company, several technology and financial organizations have fallen victim to the attack, and the software developer was also a target.

View article






Comment and Contribute

 


(Maximum characters: 1200). You have characters left.

 

 


Enterprise Development Update

Don't miss an article. Subscribe to our newsletter below.

By submitting your information, you agree that developer.com may send you developer offers via email, phone and text message, as well as email offers about other products and services that developer believes may be of interest to you. developer will process your information in accordance with the Quinstreet Privacy Policy.

Sitemap

×
We have made updates to our Privacy Policy to reflect the implementation of the General Data Protection Regulation.
Thanks for your registration, follow us on our social networks to keep up-to-date