March 15, 2018

Crypto-Malware – WST

Tainted Well

Supply chain attacks are heating up: it was recently discovered that a popular BitTorrent client was pushing crypto-mining software out to its users. A supply chain attack is one where attackers gain access to a software vendor's file distribution site or update mechanism and inject their payload into installation and update packages. Unsuspecting users then download the tainted versions directly from the official site – and why would they be suspicious? Everything looks normal!

With this recent incident, initial reports indicate the crypto-malware was slipped into the MediaGet BitTorrent client and was signed with a stolen certificate, allowing it to remain undetected from around February 12, 2018 until March 1, 2018. This incident, along with similar recent attacks on CCleaner and the macOS Transmission BitTorrent client, serves as a warning that all sectors need to be ready for an attack method that was previously tied only to state-level espionage.

Attackers are constantly improving their methods to increase their success, and even trusted software sources can become tainted. Stopping these types of attacks largely depends on software vendors practicing proper security in their own environments. In-house application teams should work with security teams to help protect the integrity of applications. End users should continue to keep their antivirus and operating systems up to date. Finally, understanding the threat, and knowing it is a possibility, can help you remain alert.

