PlushDaemon Hackers Hijack Software Updates in Major Supply-Chain Attacks

[johny899]

Have you guys ever heard about PlushDaemon hacker. These hackers have quite the sneaky attack method. Instead of breaking into your computer, they breach the software updates you think you can trust. Scary, right? I update my apps all the time, and now I'm thinking, "Bro....slow down just a bit?"

How PludDaemon Hack Works​

These attackers are targeting your router first. They gain access to it through weak passwords, or old security vulnerabilities. After they gain entry, they deploy a software tool called EdgeStepper.

Then they do something pretty slick. They change the DNS paths. So, when your computer attempts to find a valid update, the request is sent to their spoofed server.

Have you ever wondered how dangerous a spoofed update is? It can become VERY dangerous.

What They Install On Your Device​

Next time you attempt to update software, they will send the spoofed file "popup_4.2.0.2246.dll". Inside, this file will contain another tool called LittleDaemon.

LittleDaemon has added two new tools:

• DaemonicLogistics
• SlowStepper

SlowStepper is the one to be concerned about. It can:

• Obtain your browser data
• Log your keystrokes
• Run spying tools in Python
• Get information from your operating system
• Call commands from the background

Why The Strike Feels So Awful​

I love to get access to the newest features in a update as soon as I can. But I need to take a moment to think after reading this. Supply-chain attacks are worse than standard hacking because they involve the things we trust the most.

Consider this:

• You trust your router.
• You trust your software updates.
• You trust the company that makes the software.

What's happened when hackers break all three? Total craziness.

PlushDaemon has attacked individuals in the U.S., China, Taiwan, Hong Kong, South Korea, New Zealand and even factories in Cambodia. That's not a minor event, that's a really big spy-type attack.

What Can We Do To Protect Ourselves (while not freaking out)?​

I don't want to give you a fright, just keep you smart. Here are a few things I do that are simple:

• Use strong passwords on you router and devices.
• Use antivirus that checks behavior, not just signatures.
• Be watchful for odd behavior on your network, such as odd DNS changes.
• Only download updates from known sources.

These tiny examples underneath provide great levels of protection for you.

In Closing​

This attack in the PlushDaemon supply-chain attack is probably one of the best examples I've seen where trusted updates were turned into a malicious trap by a hacker. Next time your device is asking you to update, it may be worth your time to check things out once.