Hackers behind the BitPaymer ransomware strain used a vulnerability in the Bonjour updater of iTunes for Windows to evade detection from antivirus software, according to a security firm.
The problem lies in the Apple-created Bonjour updater that ships with iTunes for Windows and is used to deliver software updates to the app. Security firm Morphisec discovered that the updater is launched from an “unquoted path”: its executable lives under “Program Files”, but the path is not wrapped in quotes, so Windows treats each space as a possible end of the file name and tries the shorter interpretations first. If a file with one of those shorter names exists, Windows runs it instead, whether it is safe or malicious.
The hackers behind the BitPaymer ransomware strain found the flaw and used it in their attacks. Specifically, they dropped a malicious file at one of those shorter paths so that the trusted Apple updater would launch it, a way of evading the antivirus software on a Windows system.
The Bonjour updater is well known in the software industry, and as a result, antivirus protection algorithms will generally ignore it to prevent software conflicts on Windows PCs, Morphisec CTO Michael Gorelik wrote in a Thursday report.
“In this scenario, Bonjour was trying to run from the ‘Program Files’ folder, but because of the unquoted path, it instead ran the BitPaymer ransomware since it was named ‘Program’,” he added.
According to Morphisec, the BitPaymer attackers have been targeting companies by first delivering phishing emails that carry hidden malware. They then conduct reconnaissance across the target’s corporate network before unleashing the ransomware on the victim’s computers. In other attacks, the initial foothold came from guessing the passwords of Remote Desktop-exposed machines at the victim organization.
Fortunately, Apple earlier this week fixed the unquoted path vulnerability in iTunes for Windows, and rolled out corresponding updates to iCloud for Windows 7 and Windows 10, which bundle the same component. However, Morphisec warns that many users may still have an unpatched Bonjour updater on their PCs even after uninstalling iTunes, because removing iTunes does not remove the separately installed Bonjour component.
source: By Michael Kan / pcmag.com