Discover and read the best of Twitter Threads about #gnupg

Most recents (2)

1/ DEV-0569, current distribution via #GoogleAds.

1.- #Gozi aka #Ursnif (bot) ↓
2.- #RedLine (stealer) ↓
And if the conditions are right, possibly:
3.- #CobaltStrike (C2) ↓
4.- #Royal Ransomware 💥

(No more BatLoader in the infection chain)
2/ For deployment, they use Add-MpPreference to configure exclusions in Windows Defender (extensions, paths and processes), #NSudo to launch binaries with full privileges and #GnuPG to encrypt the payloads.

Initial MSI file has 0 hits in VT.
3/ All payloads are hosted on @Bitbucket, in a repository that was created in August 2022.

In just 3 days, #Gozi and #RedLine have been downloaded 2477 and 2503 times respectively.

ZLocal.gpg has been downloaded more than 48193 times since December 24, 2022 (potential victims).
Read 10 tweets
Recent reports on the #OpenPGP #keyserver certificate poisoning attacks have focused on the SKS keyserver implemented in OCaml, which is basically a replicated, censor-resistant, append-only database for unverified key material. But what about #gnupg's role in the attack? /thread
Historically, the PGP tool used the same OpenPGP data structure internally and externally: PGP Keys (public or secret) are a sequence of OpenPGP packets. First there is a signing key packet, then a user id packet, followed by a binding signature, and then web of trust signatures.
The old pubring.gpg is such a sequence of OpenPGP packets. All operations on the list of keys (looking up a key by id or user name, searching for a trust path in the web of trust, deleting a key, etc) require a linear scan, fully parsing every packet from the top down.
Read 11 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!