Unexpected malware threat installed on unexpected device

Tech Highlights:

  • Landline phones are not where most people expect threat actors to break into systems, but as cybersecurity news outlet Cybernews points out, modern handsets are often connected to the internet of things, displaying contact information, storing voicemails and call logs, and more. Call centers and companies that use communication software via handsets are at risk.

  • Not even corded phones are safe, according to cybersecurity specialists who found more than 500,000 different malware samples in the Elastix communication software used by landline provider Digium. Hackers targeted Digium phones by implanting a web shell (which allows a web server to be accessed remotely) for data exfiltration purposes, said Unit 42 of cybersecurity firm Palo Alto. The attack took place from late December 2021 to the end of March 2022.

The threat actors targeted the Elastix software that Digium phones use, which is the largest open source unified communications server software. It brings together email, IM, faxing, collaboration functionality, and Internet Protocol (IP) Private Branch Exchange (PBX). As the report points out, it has a web interface and includes capabilities such as call center software with predictive dialing.

While Unit 42 doesn’t state whether businesses or users were affected by the malware attack, it’s worth noting that malware can spread to a range of devices, not only through malware-infested Android apps or spyware on iPhones. To keep your phones and laptops safe, be sure to check out the best antivirus apps. And, for a better look at the different types of malicious attacks, find out the differences between spyware and stalkerware.

“The malware installs multilayer obfuscated PHP backdoors to the web server’s file system, downloads new payloads for execution and schedules recurring tasks to re-infect the host system,” the report states. “Moreover, the malware implants a random junk string to each malware download in an attempt to evade signature defenses based on indicators of compromise (IoCs).”
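The junk-string behavior quoted above explains why exact file hashes make weak indicators here. The following Python sketch is an added example, not code from the Unit 42 report or this article: it compares a hash IoC with a content rule on constructed, inert samples. The junk string is modeled as an appended comment and the regular expression is illustrative; both are assumptions, not details from the report.

```python
import hashlib
import re
import secrets

# Constructed, inert stand-in for a downloaded PHP file (payload decodes to "echo 1;").
BASE_SAMPLE = b'<?php eval(base64_decode("ZWNobyAxOw==")); ?>\n'
# Constructed benign PHP file, used to check for false positives.
BENIGN_SAMPLE = b'<?php echo htmlspecialchars($_GET["q"] ?? ""); ?>\n'

def with_junk(sample: bytes) -> bytes:
    """Model a per-download random junk string (assumption: an appended comment)."""
    return sample + b"// " + secrets.token_hex(16).encode() + b"\n"

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def hash_ioc_match(data: bytes, known_hashes: set[str]) -> bool:
    """Exact-hash IoC: matches only byte-identical files."""
    return sha256_hex(data) in known_hashes

# Illustrative content rule: a decoder call fed straight into an execution
# construct, a common shape in obfuscated PHP.
DECODE_EXEC = re.compile(
    rb"\b(?:eval|assert)\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(",
    re.IGNORECASE,
)

def content_match(data: bytes) -> bool:
    """Content rule: matches on structure, so trailing junk does not matter."""
    return DECODE_EXEC.search(data) is not None

def compare(downloads: list[bytes], known_hashes: set[str]) -> dict[str, int]:
    """Count how many downloads each detection method flags."""
    return {
        "hash_hits": sum(hash_ioc_match(d, known_hashes) for d in downloads),
        "content_hits": sum(content_match(d) for d in downloads),
    }

if __name__ == "__main__":
    first_seen = with_junk(BASE_SAMPLE)          # the copy an analyst hashed
    iocs = {sha256_hex(first_seen)}
    later = [with_junk(BASE_SAMPLE) for _ in range(5)]
    print(compare([first_seen] + later, iocs))   # hash IoC only hits the first copy
```

Only the first copy matches the hash list, while the content rule flags every copy and leaves the benign file alone.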
