Malware operators abuse Windows Narrator software in Asian attack wave
The threat group is able to remotely control vulnerable systems without credentials.
A new wave of attacks conducted by a suspected Chinese advanced persistent threat (APT) group is replacing Windows Narrator with a malicious variant for remote, persistent access…
An interesting tactic employed by these threat actors is the replacement of the Narrator “Ease of Access” feature in Microsoft Windows machines.
A modified version of a Chinese open-source backdoor, named PcShare and available on GitHub, is used to sink the attacker’s claws into a machine. ..
The DLL is side-loaded with assistance from the legitimate “Nvidia Smart Maximise Helper Host” application that is part of the Nvidia GPU graphics driver. ..
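A defender can check for the Narrator replacement described above by verifying that the binary on disk still carries a valid Microsoft signature. The following PowerShell is an added example, not taken from the article or the researchers' report. It goes beyond Narrator to cover the other Ease of Access executables, and it assumes the genuine files live in `%SystemRoot%\System32` and that the signer subject contains `O=Microsoft Corporation`.

```powershell
# Added example: audit Ease of Access binaries for on-disk replacement.
# Assumptions: genuine copies sit in %SystemRoot%\System32 and carry a valid
# Microsoft signature (embedded or catalog). Run from 64-bit PowerShell so
# System32 is not redirected to SysWOW64.
$names = 'Narrator.exe', 'sethc.exe', 'utilman.exe', 'osk.exe', 'Magnify.exe'

$results = foreach ($name in $names) {
    $path = Join-Path $env:SystemRoot "System32\$name"

    if (-not (Test-Path -LiteralPath $path)) {
        [pscustomobject]@{ File = $name; Verdict = 'MISSING'; Signer = $null; SHA256 = $null }
        continue
    }

    $sig    = Get-AuthenticodeSignature -LiteralPath $path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    # A swapped binary is normally unsigned, signed by another party,
    # or fails hash validation against its signature.
    $verdict = if ($sig.Status -ne 'Valid') {
        "SUSPECT: signature status $($sig.Status)"
    } elseif ($signer -notmatch 'O=Microsoft Corporation') {
        'SUSPECT: non-Microsoft signer'
    } else {
        'OK'
    }

    [pscustomobject]@{
        File    = $name
        Verdict = $verdict
        Signer  = $signer
        # Hash is recorded for comparison against a known-good baseline image.
        SHA256  = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    }
}

$results | Format-List
```

This check covers only the replaced executable. The side-loaded DLL is loaded by a legitimately signed Nvidia application, so a signature check on that host process alone would not flag it.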