
NEW CHINESE MALWARE – TAIDOOR


US government agencies say Taidoor malware has been around since 2008 and is a remote access Trojan (RAT) type of malware.

1. What is a RAT (Remote Access Trojan)?

It is a type of malware that gives attackers remote access to the target user’s device and lets them take control of it. With this malware, attackers can capture sensitive information on the user’s computer, demand money from the user after encrypting the entire disk, or gain access to the user’s personal accounts by recording every keystroke. RATs usually infect the user’s computer through social engineering attack methods and generally achieve their purpose. For this reason, it is one of the most common types of malware encountered in the cyber world.

2. How Does Taidoor Malware Work?

Three US government agencies have published a joint report warning about new versions of Taidoor, a type of malware associated with Chinese government-backed hackers. The Taidoor RAT infects the user’s operating system (32-bit or 64-bit) as a DLL file in two stages. Once downloaded to the system, the first file starts as a service, decrypts the second file, loads it into the system and runs it.

The FBI says the Taidoor RAT communicates with proxy servers to hide its origin. Once Taidoor is running on a system, Chinese hackers can access the infected system and leak sensitive data to the internet. They can also spread other malicious software using this malware.
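One defensive check that follows from the service-hosted DLL loader described above, added here as an example and not taken from the post, from Keepnet Labs or from the government report: a PowerShell hunt that lists svchost-style services registering a ServiceDll value whose DLL lives outside the Windows system directories or lacks a valid Authenticode signature. It assumes a Windows host, that the loader registers itself the way ordinary service DLLs do (a Parameters\ServiceDll value), and rights to read the Services registry hive.

```powershell
# Added example (not from the original post): triage list of service-hosted DLLs
# loaded from unusual locations or without a valid signature.
# Assumptions: Windows host; read access to HKLM:\SYSTEM\CurrentControlSet\Services.
$sysRoot  = $env:SystemRoot
$services = Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue

foreach ($svc in $services) {
    # Service DLLs hosted by svchost are registered under <service>\Parameters\ServiceDll
    $params = Get-ItemProperty -Path (Join-Path $svc.PSPath 'Parameters') -ErrorAction SilentlyContinue
    if (-not $params -or -not $params.ServiceDll) { continue }

    # Expand %SystemRoot%-style variables so the path can be compared and tested
    $dll = [Environment]::ExpandEnvironmentVariables($params.ServiceDll)

    # Legitimate service DLLs almost always live under System32 or SysWOW64
    $outsideSystem = ($dll -notlike "$sysRoot\System32\*") -and ($dll -notlike "$sysRoot\SysWOW64\*")

    # A missing file is itself worth a look (stage-two payloads may be written elsewhere)
    $exists = Test-Path -LiteralPath $dll
    $sig    = if ($exists) { (Get-AuthenticodeSignature -FilePath $dll).Status } else { 'FileMissing' }

    if ($outsideSystem -or $sig -ne 'Valid') {
        [PSCustomObject]@{
            Service    = $svc.PSChildName
            ServiceDll = $dll
            Signature  = $sig
            Reason     = if ($outsideSystem) { 'DLL outside system directory' } else { "Signature status: $sig" }
        }
    }
}
```

Catalog-signed Microsoft DLLs report Valid on current Windows, so the rows that remain are a triage list rather than verdicts; hash any suspicious DLL and compare it against public sandbox and VirusTotal results before acting.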

Figure 1. Taidoor malware Virustotal analysis result

US Cyber Command also uploaded four samples of Taidoor malware [1, 2, 3, 4] to VirusTotal. Cybersecurity firms and independent malware analysts can review and download them there and search for additional clues.

3. How to Prevent Malware From Infecting Your Computer

A. Cyber Security Awareness Training Programs and Phishing Simulation Software

Hackers often deliver malicious software such as RATs, keyloggers, or cryptolockers to users through social engineering attack methods. Training and testing users ensures the attack is stopped in its first phase. Use the Keepnet Labs phishing simulator to test your users’ reaction to phishing attacks, and deploy fun and comprehensive training with the Awareness Educator module with one click.

B. End-User Antivirus Software

Antivirus software is among the products that can keep malicious software off the operating system. However, users should install the most recent version of their antivirus software and keep it up to date. No matter how many precautions are taken against attack vectors in email, in some cases malware bypasses all your technological tools. For this reason, you need a tool that intervenes instantly and contains the attack when it succeeds in infiltrating your system. Try the Keepnet Labs Phishing Reporter Outlook add-in and Incident Responder to identify, analyze, scan and clean emails containing malicious content within users’ inboxes. Visit our Incident Responder page for more information.

4. Other Cyber Security Awareness Posts

A. Prevent Ransomware Attacks

B. Cybersecurity Awareness Training for Employees

C. Keepnet Labs Phishing Reporter

D. Phishing Awareness Training: 12 Things Your Employees Should Know for Phishing Protection

E. Social Engineering

KEEPNET NINJIO is a cybersecurity awareness solution that uses engaging, 3- to 4-minute Hollywood-style micro-learning videos to train employees and organizations to become defenders against cyber threats. KEEPNET NINJIO educates organizations, employees, and families against cyberattacks, making them the first line of defense against today’s advanced attacks. Try for free.

This blog post was originally published at www.keepnetlabs.com.
