DigitalCIO
No Result
View All Result
  • Home
  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources
DigitalCIO
  • Home
  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources
No Result
View All Result
Digitalcio
No Result
View All Result
Home Tech News

Microsoft Uncovers Multi-Tier Supply Chain Attack

DigitalCIO Bureau by DigitalCIO Bureau
July 30, 2018
in Tech News
0
74
SHARES
1.2k
VIEWS
Share on FacebookShare on Twitter

Microsoft has shared details of a new attack that attempted to spread crypto-mining malware to a large number of users by compromising the software supplying partner of an application developer.

The multi-tier attack relied on compromising the shared infrastructure between a PDF editor vendor and one of its partners that provided additional font packages for the application: the attackers aimed at the supply chain of the supply chain.

Limited in nature, Microsoft said the compromise appeared to be active between January and March 2018, and could have impacted six other vendors working with the font package provider.

Carried out silently, the attack initially appeared as a typical infection and was automatically blocked, but the same infection pattern was observed across a large number of machines.Windows Defender APT eventually alerted on nearly 70,000 cases incidents involving a coin mining process masquerading as pagefile.sys, which was launched by a service named xbox-service.exe,as reported.

Microsoft’s investigation revealed that a malicious installer package (MSI) was being downloaded by a PDF editor during installation, along with other legitimate installers. It was then discovered that the application vendor itself hadn’t been compromised, but the malicious package was served by a partner that creates and distributes additional font packages used by the app.

The attackers discovered a weakness in the interactions between the app vendor and its partner and also found a way to leverage it to hijack the installation chain of the MSI font packages, thus turning the PDF editor into the unexpected carrier of the malicious payload.

Microsoft discovered that the attackers had created a replica of the software partner’s infrastructure on their own server and copied and hosted all MSI files, including font packages, there. They only modified an Asian fonts package to add the malicious payload to it.The attackers also managed to influence the download parameters used by the PDF app so as to point to their server, which resulted in the download of MSI font packages from the rogue server. Thus, users ended up installing the coin miner malware along with the legitimate application.

At device restart, the malicious MSI file would be replaced with the legitimate version. Microsoft also discovered hardcoded PDF app names in the malicious package and concluded that at least six additional vendors might have been targeted by the attackers.

“While we were not able to find evidence that these other vendors distributed the malicious MSI, the attackers were clearly operating with a broader distribution plot in mind,” Microsoft says.

Detected as Trojan:Win64/CoinMiner, the malicious miner would hide behind the name xbox-service.exe and use the infected machine’s resources to mine for Monero. The malware also attempts to prevent remote cleaning and remediation by blocking communication with the update servers of certain PDF apps.

The threat also hinted at browser scripts as an alternative form of coin mining, but it’s unclear whether this was a secondary plan or work in progress.

“This new supply chain incident did not appear to involve nation-state attackers or sophisticated adversaries but appears to be instigated by petty cybercriminals trying to profit from coin mining using hijacked computing resources,” Microsoft’s says.

Share30Tweet19
DigitalCIO Bureau

DigitalCIO Bureau

Recommended For You

Hexaware and Abluva Offer Secure Agentic AI Solutions for Life Sciences Industry

by DigitalCIO Bureau
July 11, 2025
0
Deloitte And AWS To Deepen Generative AI Driven Innovations For Indian Enterprises

Hexaware Technologies has announced a strategic partnership with Abluva, an innovator in agentic AI security, to address security challenges posed by autonomous AI agents in the Life Sciences...

Read moreDetails

TP-Link Reinforces Commitment to India with new R&D GCC & Incubation Centre

by DigitalCIO Bureau
July 11, 2025
0
TP-Link Reinforces Commitment to India with new R&D GCC & Incubation Centre

Connectivity solutions provider TP-Link India have announced a significant expansion of its footprint in the country. TP-Link has unveiled its first incubation centre in India, co-located with its...

Read moreDetails

Gartner: Earth Intelligence Offers $20 bn Opportunity For Tech And Service Providers

by DigitalCIO Bureau
July 10, 2025
0

Earth intelligence will significantly impact every industry as it rapidly moves from government to the private sector, with annual revenue to surpass $4.2 billion in 2030, up from...

Read moreDetails

Okaya Power Group Appoints Prakash Dharmani as CIO

by DigitalCIO Bureau
July 9, 2025
0
Okaya Power Group Appoints Prakash Dharmani as CIO

Prakash Dharmani has joined Okaya Power Group as its new Chief Information Officer (CIO). With over 33 years of experience across industries such as petrochemicals, refining, specialty packaging,...

Read moreDetails

Total Unique Malware Increases By 171%: WatchGuard

by DigitalCIO Bureau
July 9, 2025
0
OpenText Names LockBit  Nastiest Malware Of 2024

New WatchGuard research reveals 171% increase in total unique malware as attackers defy traditional defenses. Other key findings show an increase in email-borne malware threats, a rise in...

Read moreDetails
Next Post

Samsung Gear IconX 2018 Wireless Earbuds Launched

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Related News

Microsoft partners with CBSE

September 28, 2018
Report Finds a 400% Increase in IoT and OT Malware Attacks

Report Finds a 400% Increase in IoT and OT Malware Attacks

October 26, 2023
Microsoft Collaborates with NVIDIA

Microsoft Collaborates with NVIDIA

March 19, 2024

Browse by Category

  • Acquisition
  • Appointment
  • Archive
  • Artificial Intelligence
  • CIO Interviews
  • Cloud
  • Datacenter
  • Events and Conferences
  • Market Insights
  • News
  • Opinion and Analysis
  • Products
  • Resources
  • Security
  • Storage
  • Tech News
  • Telecom
Digitalcio

Welcome to DigitalCIO, your ultimate source for staying ahead in the ever-evolving world of technology and business.

BROWSE BY TAG

Acquisition AI Appointment artificial intelligence Artificial Intelligence and Machine Learning AWS Barracuda Big Data and Analytics Blockchain CISCO Cloud Computing Cloudflare Commvault CrowdStrike Cybersecurity Dell Technologies Digital Transformation Dynatrace E-books Fortinet Gartner GenAI Generative AI Google Cloud HCLTech IBM Infographics Internet of Things (IoT) Kaspersky Microsoft Netskope NTT DATA Palo Alto Networks Panel Discussion Qlik Salesforce ServiceNow Sophos Tenable Trend Micro Veeam Veeam Software Webinars Whitepaper Zscaler

CATEGORIES

  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources
  • Archive

NAVIGATION

  • Home
  • About Us
  • Advertise with Us
  • Contact Us

© 2024 digitalcio.in - All rights reserved.

No Result
View All Result
  • Home
  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources

© 2024 digitalcio.in - All rights reserved.

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?