Summary:
1. Malware Delivery via Hacked ISP:
- Hackers compromised an Internet service provider’s infrastructure, tampering with software updates for Windows and Mac users.
- The attack affected applications like 5KPlayer, Quick Heal, Rainmeter, Partition Wizard, and software from Corel and Sogou, exploiting their unencrypted update mechanisms.
2. DNS Poisoning and MitM Attacks:
- The attackers used DNS poisoning to redirect users to malicious servers, even for users who had configured public resolvers such as Google’s 8.8.8.8, because those lookups still travelled over plain, unencrypted DNS.
- DNS responses were altered within the ISP’s network infrastructure, bypassing traditional DNS protections and delivering malware disguised as legitimate updates.
3. Mitigation and Ongoing Threats:
- Users could thwart such attacks by using DNS over HTTPS (DoH) or DNS over TLS (DoT) and by avoiding applications that deliver unsigned updates over unencrypted connections.
- The security firm Volexity suspects that active attacks are ongoing globally, although the specific incident it investigated has been contained.
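The second mitigation above is what an update client should enforce on its own side: even when a poisoned resolver hands the client an attacker's server, a payload that must carry a valid signature from a key pinned in the client cannot be swapped silently. The Go program below is an added illustration of that check, not code from any of the affected vendors; the manifest layout, the `updates.example` host and the sample payloads are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"net/url"
)

// UpdateManifest is a hypothetical manifest shape used only for this example.
type UpdateManifest struct {
	URL       string // where the payload was fetched from
	Payload   []byte // update bytes exactly as received from the network
	Signature []byte // Ed25519 signature over sha256(Payload) by the vendor's release key
}

var ErrInsecureTransport = errors.New("update URL is not https")
var ErrBadSignature = errors.New("update signature does not verify against pinned key")

// VerifyUpdate rejects an update unless it was fetched over HTTPS and its payload
// verifies against a public key pinned in the client at build time. A poisoned
// DNS answer can change where the bytes come from, but not the key they must match.
func VerifyUpdate(m UpdateManifest, pinned ed25519.PublicKey) error {
	u, err := url.Parse(m.URL)
	if err != nil || u.Scheme != "https" {
		return ErrInsecureTransport
	}
	digest := sha256.Sum256(m.Payload)
	if !ed25519.Verify(pinned, digest[:], m.Signature) {
		return ErrBadSignature
	}
	return nil
}

// SignUpdate stands in for the vendor's release pipeline so the example is self-contained.
func SignUpdate(priv ed25519.PrivateKey, payload []byte) []byte {
	digest := sha256.Sum256(payload)
	return ed25519.Sign(priv, digest[:])
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	genuine := []byte("constructed sample: genuine installer bytes")
	sig := SignUpdate(priv, genuine)
	fmt.Println(VerifyUpdate(UpdateManifest{"https://updates.example/app.exe", genuine, sig}, pub)) // <nil>: accepted
	swapped := []byte("constructed sample: installer substituted by a redirected download")
	fmt.Println(VerifyUpdate(UpdateManifest{"https://updates.example/app.exe", swapped, sig}, pub)) // ErrBadSignature
	fmt.Println(VerifyUpdate(UpdateManifest{"http://updates.example/app.exe", genuine, sig}, pub))  // ErrInsecureTransport
}
```

Pinning the verification key in the binary (rather than fetching it from the same server as the update) is what makes the check independent of DNS; DoH or DoT protects the lookup, but only the signature protects the payload.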
Read more at: arstechnica.com