Anti-theft LoJack supposedly manipulated by Russian hackers to hijack computers

Luana PASCU

May 04, 2018

Security researchers from Arbor Networks’ ASERT lab have found that laptop recovery software LoJack appears to be used in a sophisticated, yet subtle, Russian state-sponsored attack scheme through remote code execution. The tool was created as an anti-theft program to remotely protect corporate information should computers be stolen.

Security solutions don’t flag the malware hidden in the installation as malicious activity, which makes it easy for attackers to intercept the communication and get inside the computer.

Anyone with administrator privilege can use the software to locate and encrypt stolen computers, and delete information. Some devices have the tool by default.

“This is basically giving the attacker a foothold in an agency,” Richard Hummel, manager of threat research at NETSCOUT Arbor’s ASERT, said in an interview with Dark Reading. “There’s no LoJack execution of files, but they could launch additional software at a later date.”

According to the report published on Tuesday, the Fancy Bear hacking group was manipulating the software to hack into a company’s network. Fancy Bear servers appear to have been communicating with a number of LoJack executables: “LoJack agents containing command and control (C2) domains likely associated with Fancy Bear operations,” reads the report.

“If they’re on a critical system or the user is someone with high privileges, then they have a direct line into the enterprise,” Hummel added, “with the permissions that LoJack requires, [the attackers] have permission to install whatever they want on the victims’ machines.”

It’s not yet clear how the malware payloads spread, but researchers believe the hackers used phishing techniques.

Fancy Bear has been widely covered in the news due to its strong association with Russian military intelligence and the attacks against the Democratic National Committee in the US.
