Rekoobe Backdoor In Open Directories Possibly Attacking TradingView Users

20 November 2024

APT31, using the Rekoobe backdoor, has been observed targeting TradingView, a popular financial platform, as researchers discovered malicious domains mimicking TradingView, suggesting a potential interest in compromising the platform’s user community. By analyzing shared SSH keys, investigators identified additional infrastructure linked to this campaign and another open directory, highlighting the evolving tactics employed by APT31 to evade detection and compromise sensitive information. An open directory at 27.124.45[.]146:9998 exposed two Rekoobe malware binaries, 10-13-x64.bin and 10-13-x86.bin.

Source: GBHackers

Date:

20 November 2024

Categorie(s):

NEWS

Tag(s):

Backdoors, Directories, IT, News, Users

VMware vCenter Users Risk RCE Attacks. Two Flaws Exploited in the Wild20 November 2024
Malicious NSOCKS proxy service-powering botnet dismantled20 November 2024
Finastra investigates data breach affecting client files20 November 2024
Download our Microsoft Copilot for Writing Cheat Sheet20 November 2024
Apple Urges Mac Users to Update After Hackers Exploit Zero-Day Vulnerabilities20 November 2024