SecurityBrief India - Technology news for CISOs & cybersecurity decision-makers
Kaspersky uncovers FakeSG, Akira and AMOS as latest cyber threats
Thu, 21st Dec 2023

Kaspersky's Global Research and Analysis Team (GReAT) has identified three cross-platform threats and new strategies being utilised by cyber criminals. These include the FakeSG campaign, Akira ransomware, and the AMOS macOS stealer.

Cyber criminals continue their attempts to capitalise on victims across multiple platforms, highlighting the importance of persistent vigilance against cyber threats.

The most recent threat exposed by GReAT is FakeSG. Legitimate websites are compromised to display fake browser update notifications. Clicking one of these notifications triggers the download of a malicious file; although the download URLs change, they continue to use the same path (/cdn/wds.min.php).

A malicious configuration file contained in the download reveals the Command and Control (C2) address, showing the complexity of this campaign.
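Because the FakeSG download URLs change hosts but keep the same path, a path-based indicator is a more durable detection than a host blocklist. The following is an added example, not code from Kaspersky or the article: it scans constructed proxy log lines (the log format, hostnames and IP addresses are assumptions made for illustration) and flags any request whose URL path matches /cdn/wds.min.php, whatever the host.

```python
from urllib.parse import urlparse

# Path reported as constant across FakeSG download URLs (from the article).
FAKESG_PATH = "/cdn/wds.min.php"

# Constructed sample proxy log lines (not real traffic). Format assumed here:
# <timestamp> <client_ip> <method> <url> <status>
SAMPLE_LOG = """\
2023-12-20T10:01:12Z 10.0.0.15 GET https://www.example-news.test/index.html 200
2023-12-20T10:01:14Z 10.0.0.15 GET https://cdn-updates.example.test/cdn/wds.min.php?id=123 200
2023-12-20T10:02:01Z 10.0.0.22 GET https://static.legit-site.test/cdn/wds.min.js 200
2023-12-20T10:03:44Z 10.0.0.31 GET http://203.0.113.77/cdn/wds.min.php 200
2023-12-20T10:04:10Z 10.0.0.15 GET https://www.example-news.test/about.html 200
"""


def parse_line(line):
    """Parse one log line into a dict, or return None if it is malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, client, method, url, status = parts
    return {"ts": ts, "client": client, "method": method,
            "url": url, "status": int(status)}


def is_fakesg_download(url):
    """True if the URL path (ignoring host and query string) is the FakeSG path."""
    return urlparse(url).path == FAKESG_PATH


def find_fakesg_downloads(log_text):
    """Return every parsed record whose URL matches the FakeSG download path,
    with the contacted host added so analysts can see the changing hosts."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_fakesg_download(rec["url"]):
            rec["host"] = urlparse(rec["url"]).hostname
            hits.append(rec)
    return hits


def affected_clients(hits):
    """Sorted list of client IPs that requested the FakeSG path; these are the
    endpoints to triage for the downloaded file and its C2 configuration."""
    return sorted({h["client"] for h in hits})


if __name__ == "__main__":
    hits = find_fakesg_downloads(SAMPLE_LOG)
    for h in hits:
        print(f"{h['ts']} client={h['client']} host={h['host']} status={h['status']}")
    print("clients to triage:", affected_clients(hits))
```

The match is on the parsed path only, so a query string or a different host does not hide the request, while similarly named assets such as wds.min.js are not flagged.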

Akira, a newly detected ransomware variant affecting both Windows and Linux systems, has quickly infected over 60 organisations worldwide across the retail, consumer goods, and education sectors. Its cross-platform functionality extends its reach across a wide range of industries.

Akira bears similarities to the Conti ransomware, such as an identical folder exclusion list, but includes a unique Command and Control (C2) panel with a minimalist design to evade analysis attempts. This underlines the increasing sophistication of cyber threats.

Debuting in April 2023, the AMOS macOS stealer was initially sold for US$1,000 per month on the Telegram app. It has since been rewritten from Go to C. It uses malvertising on cloned software sites to reach macOS systems, then extracts and compresses user data for transmission to the Command and Control server, tagging each victim with a unique UUID for identification.

This reflects a surge in macOS-specific stealers probing for possible vulnerabilities, a departure from the historical association of stealers with Windows platforms.

"Adapting to the dynamic landscape of cyber threats is paramount to safeguarding our digital environments. The emergence of this new crimeware, coupled with the non-standard methods cyber criminals employ across diverse operating systems, underscores the urgency for vigilance and innovation in detection."

"Staying one step ahead requires a collective effort, emphasising the crucial role of continuous research and collaboration to fortify our defenses against evolving cyber threats," says Jornt van der Wiel, senior security researcher at GReAT.

Kaspersky offers several recommendations for preventing financially motivated threats. These include setting up offline backups that cannot be tampered with by intruders, while ensuring they can be accessed quickly in an emergency.

Installing ransomware protection on all endpoints is also advised. Free tools are available that protect computers and servers from ransomware and other malware types, block exploitation, and are compatible with already installed security solutions.

Lastly, to minimise the likelihood of crypto-miners being launched, Kaspersky recommends a dedicated security solution such as Kaspersky Endpoint Security for Business. Its application and web control and behavioural analysis help users detect malicious activity quickly, while its vulnerability and patch manager protects devices from crypto-miners that exploit vulnerabilities.