Monday, May 16, 2022

Bifrose Variant utilizes Tor

Tor (The Onion Router) is an overlay network of volunteer-run relays that anonymizes communication between two parties by routing traffic through several encrypted hops, so that no single relay sees both the origin and the destination. It is typically used to circumvent censorship and to protect users' privacy.

While investigating an attack on an undisclosed device manufacturer, security researchers at Trend Micro identified a variant of the Bifrose malware that routes its command-and-control traffic over this network to retrieve commands from its operator.

Bifrose, also known as Bifrost, is best known for its keylogging capability, but the build the researchers found combines other features: uploading and downloading files, creating and deleting folders, executing command lines, renaming files, and manipulating application windows through mouse and keyboard events.

Because the command-and-control traffic is routed over the Tor anonymity network, the researchers note that system administrators can spot an infection by this Bifrose variant by monitoring for Tor activity on the network. This works best where Tor has no legitimate use and its traffic is therefore unexpected; a connection to a known Tor relay address or to Tor's default ports is a starting point for triage rather than proof of compromise on its own.

Activity on the network at unusual times, such as logins and outbound email, may also indicate malicious activity.

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing.
