• This devious new malware technique looks to hijack Windows itself

    From TechnologyDaily@1337:1/100 to All on Thursday, December 12, 2024 15:15:05
    This devious new malware technique looks to hijack Windows itself to avoid detection

    Date:
    Thu, 12 Dec 2024 15:14:00 +0000

    Description:
    There is a way to abuse accessibility features on Windows to hide malware, similar to how it's done on Android.

    FULL STORY
    ======================================================================
    Security researchers from Akamai found UI Automation accessibility feature could be abused for malicious use
    UI Automation must be allowed to do all the things malware usually does, which makes it difficult for antivirus programs to spot it
    Admins can monitor the OS for suspicious activity

    Cybersecurity researchers from Akamai have discovered a new way to get
    malware to run on Windows devices without triggering Endpoint Detection and Response (EDR) tools.

    In a report published on the Akamai blog earlier this week, the researchers said that, starting with Windows XP, the OS introduced a feature called UI Automation as part of the .NET Framework. This feature is designed to provide programmatic access to user interface elements, enabling assistive technologies like screen readers to interact with applications and help users with disabilities. It also supports automated testing scenarios by allowing developers to manipulate and retrieve information from UI components programmatically.

    But if a piece of malware were to abuse UI Automation, it could execute different malicious commands without triggering any security alarms: "To exploit this technique, a user must be convinced to run a program that uses UI Automation," Akamai said in its writeup. "This can lead to stealthy command execution, which can harvest sensitive data, redirect browsers to phishing websites, and more."

    Detecting possible attacks

    The new technique is essentially a port from Android, since it revolves
    around accessibility features.

    Since the malware would essentially be abusing what's otherwise a benign, intended use, antivirus programs would have a difficult time flagging the activity. In essence, it is the same as with Android - the accessibility services API has become the go-to way for malware on the platform. It is also the best way to spot malicious applications, since they all must ask for permission to use Accessibility Services first.

    To detect possible attacks, admins should monitor the use of UIAutomationCore.dll, the researchers concluded. The DLL being loaded into a previously unknown process should be cause for concern, they said. Furthermore, network admins can monitor the named pipes that UIA opens on an endpoint, which is another indicator of use.
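
    One way to implement the "previously unknown process" check described above, as an added example that is not from the article or from Akamai. It assumes module loads are collected as Sysmon Event ID 7 (ImageLoad) records in XML form, which requires image-load logging to be enabled; the events, paths and helper names below are constructed for illustration.

```python
import ntpath
from xml.etree import ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
TARGET_DLL = "uiautomationcore.dll"

def parse_image_load(xml_text):
    """Return (process image, loaded module) for a Sysmon Event ID 7 record, else None."""
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "7":
        return None
    data = {d.get("Name"): d.text or "" for d in root.iterfind("e:EventData/e:Data", NS)}
    return data.get("Image", ""), data.get("ImageLoaded", "")

def uia_loaders(events):
    """Yield the process image of every event that loads UIAutomationCore.dll."""
    for xml_text in events:
        record = parse_image_load(xml_text)
        # Windows paths are case-insensitive, so compare the lowercased file name.
        if record and ntpath.basename(record[1]).lower() == TARGET_DLL:
            yield record[0]

def unknown_uia_loaders(events, baseline_events):
    """Processes that load the DLL now but never did during the baseline period."""
    known = {image.lower() for image in uia_loaders(baseline_events)}
    alerts = []
    for image in uia_loaders(events):
        if image.lower() not in known:
            known.add(image.lower())  # report each new process once
            alerts.append(image)
    return alerts

def make_event(event_id, image, loaded):
    """Build a constructed, minimal Sysmon-style event for the sample data."""
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID></System>'
            f'<EventData><Data Name="Image">{image}</Data>'
            f'<Data Name="ImageLoaded">{loaded}</Data></EventData></Event>')

# Constructed sample data: one baseline event, then a later observation window.
UIA = r"C:\Windows\System32\UIAutomationCore.dll"
BASELINE = [make_event(7, r"C:\Windows\System32\Narrator.exe", UIA)]
OBSERVED = [
    make_event(7, r"C:\Windows\System32\narrator.exe", UIA),              # known loader
    make_event(7, r"C:\Users\alice\Downloads\viewer.exe", r"C:\Windows\System32\kernel32.dll"),
    make_event(1, r"C:\Users\alice\Downloads\viewer.exe", ""),            # not an image load
    make_event(7, r"C:\Users\alice\Downloads\viewer.exe", UIA.upper()),   # unknown loader
]

if __name__ == "__main__":
    for image in unknown_uia_loaders(OBSERVED, BASELINE):
        print("UIAutomationCore.dll loaded by unbaselined process:", image)
```

    The baseline should be built from a period when only expected assistive and test tools were running, since anything present then is treated as known.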

    The details on how to do that can be found here.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/this-devious-new-malware-technique-looks-to-hijack-windows-itself-to-avoid-detection


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)