New ‘Farseer’ Malware Designed to Spy on Windows Users

by David Bisson on February 27, 2019

Researchers have uncovered a new family of malware called “Farseer” that’s designed to conduct surveillance against Windows users.


Discovered by Palo Alto Networks, Farseer relies on a technique known as "DLL sideloading." Rather than running an obviously malicious executable, the dropper writes a legitimate, digitally signed binary to the host (in this case "bscmake.exe," a signed Microsoft developer tool) together with a malicious DLL named "sys.dll" in the same directory. Because Windows searches an application's own directory before the system directories when resolving a DLL by name, running the trusted binary loads "sys.dll" as the payload. The signed application is exactly the kind of trusted software that doesn't raise red flags with anti-virus products, so the malicious code gets into memory without generating alerts.

Once "sys.dll" begins running, it locates another dropped file named "stub.bin." It then loads "sys.dat," a configuration file that holds the settings for Farseer's communication with its command-and-control (C&C) server.

This configuration file stands out because it shares certain similarities with the config resource used by HenBox, an Android malware family that Palo Alto Networks first described in March 2018. HenBox masqueraded as VPN and Android system apps in an effort to target Uyghurs, a Turkic, predominantly Muslim ethnic group living in the Xinjiang Uyghur Autonomous Region in north-west China. The security firm's researchers subsequently took a closer look at HenBox and found that it shared infrastructure with previous targeted attacks involving threats such as PlugX, Zupdax, 9002 and Poison Ivy.

Palo Alto Networks verified that these same connections apply to Farseer.

Maltego chart showing overlaps between Farseer and related threats. (Source: Palo Alto Networks)

With its configuration file loaded, Farseer establishes persistence: it creates a registry autostart (Run) entry that launches a VBS script, which in turn executes "bscmake.exe" and, with it, the sideloaded "sys.dll." Because the entry lives in a Run key, the malware is relaunched every time a user logs on to the Windows machine. From there it collects information about the infected host and reports back to its C&C server.
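The chain described above (a signed loader, a sideloaded "sys.dll" beside it, and a Run-key entry that goes through a VBS script) leaves artifacts a defender can hunt for on a host. The PowerShell below is an added example, not code from the Tripwire post or from Palo Alto Networks' report. It lists autostart entries that invoke the Windows Script Host or name a .vbs file, and it flags signed executables in user-writable directories that sit next to a DLL with no valid signature, noting whether the "stub.bin" and "sys.dat" companions named in the article are present. The scan roots and the set of Run keys enumerated are assumptions about where such a dropper would land, not indicators taken from the report.

```powershell
# Added hunting example (not from the Tripwire/Unit 42 write-up).
# Looks for the two host artifacts the article describes for Farseer:
#   1. A Run-key entry that launches a VBS script (which in turn runs a signed EXE).
#   2. A signed EXE sitting beside a DLL without a valid signature (e.g. bscmake.exe + sys.dll).
# The file names sys.dll / sys.dat / stub.bin come from the article; the scan roots
# and registry paths below are assumptions chosen for this example.

param(
    # Directories to inspect for sideloading candidates. Defaults cover per-user writable paths.
    [string[]]$ScanRoots = @("$env:LOCALAPPDATA", "$env:APPDATA", "$env:TEMP", "$env:PUBLIC")
)

# Autostart locations checked for the VBS launcher (assumed set; extend as needed).
$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# 1. Autostart entries that go through the Windows Script Host or reference a .vbs file.
function Get-SuspiciousRunEntry {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Skip the provider metadata PowerShell adds (PSPath, PSParentPath, PSChildName, ...).
            if ($p.Name -like 'PS*') { continue }
            $cmd = [string]$p.Value
            # -match is case-insensitive by default.
            if ($cmd -match '\b(wscript|cscript)(\.exe)?\b' -or $cmd -match '\.vbs\b') {
                [pscustomobject]@{
                    Key     = $key
                    Name    = $p.Name
                    Command = $cmd
                }
            }
        }
    }
}

# 2. Sideloading candidates: a validly signed EXE whose directory also holds a DLL that is
#    unsigned or whose signature does not verify. Properly installed software is normally
#    all-signed; a lone signed EXE in %APPDATA% next to "sys.dll" is not.
function Get-SideloadCandidate {
    param([string[]]$Roots)
    foreach ($root in $Roots) {
        if (-not (Test-Path $root)) { continue }
        Get-ChildItem -Path $root -Recurse -Filter *.exe -File -ErrorAction SilentlyContinue |
            ForEach-Object {
                $exe = $_
                $exeSig = Get-AuthenticodeSignature -FilePath $exe.FullName
                # Only trusted loaders matter for this pattern; 'return' skips to the next EXE.
                if ($exeSig.Status -ne 'Valid') { return }
                Get-ChildItem -Path $exe.DirectoryName -Filter *.dll -File -ErrorAction SilentlyContinue |
                    ForEach-Object {
                        $dllSig = Get-AuthenticodeSignature -FilePath $_.FullName
                        if ($dllSig.Status -ne 'Valid') {
                            [pscustomobject]@{
                                SignedExe  = $exe.FullName
                                ExeSigner  = $exeSig.SignerCertificate.Subject
                                Dll        = $_.FullName
                                DllStatus  = $dllSig.Status
                                # Farseer's companion files as named in the article.
                                HasStubBin = Test-Path (Join-Path $exe.DirectoryName 'stub.bin')
                                HasSysDat  = Test-Path (Join-Path $exe.DirectoryName 'sys.dat')
                            }
                        }
                    }
            }
    }
}

Write-Host '== Run-key entries invoking the Windows Script Host =='
Get-SuspiciousRunEntry | Format-Table -AutoSize

Write-Host '== Signed EXEs with an unsigned or invalid DLL beside them =='
Get-SideloadCandidate -Roots $ScanRoots | Format-Table -AutoSize
```

Both checks are heuristics, not signatures. Some legitimate installers also register WSH launchers in Run keys, so read the referenced script and confirm what binary it starts before acting on a hit. Conversely, a sideloaded DLL signed with a stolen or purchased certificate would pass the Authenticode check, so an empty result does not prove a clean host; pair this with the network indicators from the Unit 42 report.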

Researchers at Palo Alto Networks see Farseer as a sign of ramped-up threat activity in South East Asia. As (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/new-farseer-malware-designed-to-spy-on-windows-users/
