Shadow Brokers Leaks Another Windows Hacking Tool Stolen from NSA’s Arsenal
The Shadow Brokers, a notorious hacking group that leaked several hacking tools from the NSA, is once again making headlines for releasing another NSA exploit—but only to its "monthly dump service" subscribers.
Dubbed UNITEDRAKE, the implant is a "fully extensible remote collection system" that comes with a number of "plug-ins," enabling attackers to remotely take full control over targeted Windows computers.
In its latest post, the hacking group announced a few changes to its monthly dump service and released encrypted files from the previous months as well.
Notably, the September dump also includes an unencrypted PDF file, which is a user manual for the UNITEDRAKE (United Rake) exploit developed by the NSA.
According to the leaked user manual, UNITEDRAKE is a customizable modular malware with the ability to capture webcam and microphone output, log keystrokes, access external drives and more in order to spy on its targets.
The tool consists of five components—server (a Listening Post), the system management interface (SMI), the database (to store and manage stolen information), the plug-in modules (allow the system capabilities to be extended), and the client (the implant).
Snowden Leak Also Mentions UNITEDRAKE
UNITEDRAKE initially came to light in 2014 as a part of NSA's classified documents leaked by its former contractor Edward Snowden.
The Snowden documents suggested the agency used the tool alongside other pieces of malware, including CAPTIVATEDAUDIENCE, GUMFISH, FOGGYBOTTOM, GROK, and SALVAGERABBIT, to infect millions of computers around the world.
- CAPTIVATEDAUDIENCE is for recording conversations via the infected computer's microphone.
- GUMFISH is for covertly taking control of a computer's webcam and snapping photographs.
- FOGGYBOTTOM is for exfiltrating Internet data like browsing histories, login details and passwords.
- GROK is a keylogger Trojan for capturing keystrokes.
- SALVAGERABBIT is for accessing data on removable flash drives that connect to the infected computer.
New Terms for Shadow Brokers Monthly Dump Service
The Shadow Brokers is now only accepting payments in ZCash (ZEC) from its monthly subscribers, rather than Monero, since it uses clear text email for delivery, and has also raised the rates for exploits, demanding nearly $4 Million.
The group demanded 100 ZEC when it started its first monthly dump service in June, but now the hackers are demanding 16,000 ZEC, which costs $3,914,080 in total. Zcash currently trades at $248 per unit.
Those who want to gain access only to the September dump that includes the new NSA malware files need to pay hackers 500 ZEC.
The Shadow Brokers gained popularity after leaking the SMB zero-day exploit, called EternalBlue, that powered the WannaCry ransomware attack that crippled large businesses and services around the world in May.
After that, the mysterious hacking group announced a monthly data dump service for those who want to get exclusive access to the NSA arsenal, which they claim to have stolen from the agency last year.
from The Hacker News http://ift.tt/2xTCoU5