{"id":198973,"date":"2024-11-09T04:57:08","date_gmt":"2024-11-09T10:57:08","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2024\/11\/windows-infected-with-backdoored-linux-vms-in-new-phishing-attacks"},"modified":"2024-11-09T04:57:08","modified_gmt":"2024-11-09T10:57:08","slug":"windows-infected-with-backdoored-linux-vms-in-new-phishing-attacks","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2024\/11\/windows-infected-with-backdoored-linux-vms-in-new-phishing-attacks","title":{"rendered":"Windows infected with backdoored Linux VMs in new phishing attacks"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/windows-infected-with-backdoored-linux-vms-in-new-phishing-attacks2.jpg\"><\/a><\/p>\n<p>A new phishing campaign dubbed \u2018CRON#TRAP\u2019 infects Windows with a Linux virtual machine that contains a built-in backdoor to give stealthy access to corporate networks.<\/p>\n<p>Using virtual machines to conduct attacks is nothing new, with <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/blackcat-ransomware-uses-new-munchkin-linux-vm-in-stealthy-attacks\/\" target=\"_blank\">ransomware gangs<\/a> and <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/linux-cryptominer-uses-virtual-machines-to-attack-windows-macos\/\" target=\"_blank\">cryptominers<\/a> using them to stealthily perform malicious activity. However, threat actors commonly install these manually after they breach a network.<\/p>\n<p>A new campaign spotted by <a href=\"https:\/\/www.securonix.com\/blog\/crontrap-emulated-linux-environments-as-the-latest-tactic-in-malware-staging\/\" target=\"_blank\" rel=\"nofollow noopener\">Securonix researchers<\/a> is instead using phishing emails to perform unattended installs of Linux virtual machines to breach and gain persistence on corporate networks.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A new phishing campaign dubbed \u2018CRON#TRAP\u2019 infects Windows with a Linux virtual machine that contains a built-in backdoor to give stealthy access to corporate networks. Using virtual machines to conduct attacks is nothing new, with ransomware gangs and cryptominers using them to stealthily perform malicious activity. However, threat actors commonly install these manually after they [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34],"tags":[],"class_list":["post-198973","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/198973","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=198973"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/198973\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=198973"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=198973"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=198973"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}