Thanatos in IPS services. Researchers at security firm SurfWatch Labs managed to stop a developer who wanted to compromise thousands of forums and websites hosted on the infrastructure of Invision Power Services, the company that develops the IP.Board forum software, also known as IPS Community Suite.
The developer behind the plan to compromise the platform is known as AlphaLeon. Since the beginning of March this year, AlphaLeon has been selling a new trojan that he named Death, or Thanatos.
The malware was offered as a Malware-as-a-Service (MaaS) platform.
To increase the size of the Thanatos botnet and make it more effective, AlphaLeon had to find a way to deliver the trojan to as many users as possible. For this purpose, he devised a plan and began carrying it out.
He started looking for vulnerabilities and exploits for the infrastructure of Invision Power Services (IPS), which offers its customers the IPS Community Suite software as a hosting platform, running on AWS servers (Amazon Web Services).
When the hacker gained access to the IPS servers, he installed an exploit kit, which started automatically infecting website visitors with the Thanatos trojan. The malware found its way onto victims' systems via outdated browser versions or browser plugins.
IPS customers include large companies such as Evernote, NHL, Warner Music, Bethesda Softworks, and LiveNation. As well as the classic IP.Board forums, IPS allows customers to create e-commerce stores.
AlphaLeon's plan was cut short when security firm SurfWatch Labs caught wind of his intentions while surfing the Dark Web. The researchers contacted IPS, which was unaware of the hacker's breach, discovered the entry point, and closed the security gap. The incident happened in early April, and IPS is still in the process of investigating the breach.
According to Thanatos' most recent ads on the Dark Web, the trojan, which at the beginning of March was only a powerful banking trojan, has now been updated with additional features in the form of add-on modules.
These modules allow customers of the Thanatos botnet to launch DDoS attacks, distribute ransomware, access the victim's camera, steal Bitcoin, send spam, and steal access passwords.