Malware called Plead is at it again!

ESET detected the activity in Taiwan, where the ‘Plead’ malware is most active. According to the data, the attackers behind this malware are abusing the update process of the legitimate ASUS Webstorage software through ‘man-in-the-middle’ (MitM) attacks carried out via compromised routers. The Plead malware had previously been seen in targeted attacks attributed to the BlackTech group.

They can interfere during the update

Anton Cherepanov from ESET announced the investigation into the threat. Cherepanov explained: “ASUS Webstorage software is vulnerable to such attacks. To summarize, the software update is requested and transmitted using HTTP. An update is then downloaded, and when that update is ready to be executed, the software cannot verify whether it is genuine or not without executing it. Thus, if attackers can intervene during the update process, they can cause a malicious update to be made.”

First target routers

According to previous research on the subject, the Plead operators are able to hijack vulnerable routers and even use them as command-and-control (C&C) servers for the malware.

“Our research has revealed that most affected organizations have routers made by the same manufacturer. Moreover, the management panels of these devices can be accessed from the internet. Thus, we conclude that a ‘man-in-the-middle’ attack at the router level is the most likely scenario,” added Anton Cherepanov.

Cherepanov also advised: “It is critical that software developers not only deeply monitor their environment for possible intrusions, but also implement appropriate update mechanisms in their products so that they are resistant to ‘man-in-the-middle’ attacks.”
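The weakness Cherepanov describes (update fetched over HTTP, then executed without any check of its authenticity) and the fix he recommends (an update mechanism that stays resistant to a MitM at the router) can be shown side by side in code. The following is an added example written for this page; it is not ESET's analysis code nor ASUS's updater, and the manifest format, function names and sample payloads are assumptions. It pins the vendor's Ed25519 public key in the client, refuses plaintext HTTP for the download, and verifies the manifest signature and the payload digest before anything would be executed, so a router in the path can neither swap the binary nor substitute a manifest signed with its own key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"net/url"
)

// UpdateManifest is a hypothetical manifest format (not ASUS's): the vendor
// publishes it next to the update binary. The client trusts only the pinned
// vendor public key compiled into it, never the transport it arrived over.
type UpdateManifest struct {
	Version   string
	SHA256    [32]byte // digest of the update binary
	Signature []byte   // Ed25519 signature over Version and SHA256
}

// signedBytes is the exact byte string the vendor signs and the client checks.
func signedBytes(version string, digest [32]byte) []byte {
	return append([]byte(version+"\n"), digest[:]...)
}

// GenerateVendorKey creates the vendor's signing key pair. In practice the
// private half lives on an offline signing host or HSM, never on the client.
func GenerateVendorKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// SignManifest is the vendor-side step run at release time.
func SignManifest(priv ed25519.PrivateKey, version string, payload []byte) UpdateManifest {
	digest := sha256.Sum256(payload)
	return UpdateManifest{
		Version:   version,
		SHA256:    digest,
		Signature: ed25519.Sign(priv, signedBytes(version, digest)),
	}
}

// CheckUpdateURL refuses plaintext HTTP so a router in the path cannot
// silently rewrite the request or the response.
func CheckUpdateURL(raw string) error {
	u, err := url.Parse(raw)
	if err != nil {
		return err
	}
	if u.Scheme != "https" {
		return fmt.Errorf("refusing update over %q: transport must be https", u.Scheme)
	}
	return nil
}

// VerifyUpdate is the client-side check that must pass before the downloaded
// payload is written to disk as executable or run. Both checks fail closed.
func VerifyUpdate(pinned ed25519.PublicKey, m UpdateManifest, payload []byte) error {
	if !ed25519.Verify(pinned, signedBytes(m.Version, m.SHA256), m.Signature) {
		return errors.New("manifest signature invalid: not signed by the pinned vendor key")
	}
	if sha256.Sum256(payload) != m.SHA256 {
		return errors.New("payload digest mismatch: update altered in transit")
	}
	return nil
}

func main() {
	vendorPub, vendorPriv, err := GenerateVendorKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample update; a real client would download this.
	payload := []byte("constructed update binary v1.2.3")
	manifest := SignManifest(vendorPriv, "1.2.3", payload)
	fmt.Println("genuine update:", VerifyUpdate(vendorPub, manifest, payload))

	// A MitM at the router swaps the payload but cannot re-sign the manifest.
	tampered := []byte("constructed malicious binary")
	fmt.Println("swapped payload:", VerifyUpdate(vendorPub, manifest, tampered))

	// The MitM signs its own manifest with a key the client has not pinned.
	_, attackerPriv, _ := GenerateVendorKey()
	forged := SignManifest(attackerPriv, "1.2.3", tampered)
	fmt.Println("forged manifest:", VerifyUpdate(vendorPub, forged, tampered))

	fmt.Println("http transport:", CheckUpdateURL("http://updates.example.invalid/manifest"))
}
```

The point of the design is that the HTTPS check alone is not enough (a compromised router with a trusted certificate, or a downgrade, would still get through), and the signature alone is not enough if the key it is checked against is fetched from the same untrusted channel; pinning the key in the client and verifying the payload digest under that signature is what makes the chain independent of the network.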

You can read the related ESET article and detailed attack analysis here.
