Leading the charge against GuptiMiner

Luis Corrons 23 Apr 2024

Avast Threat Labs recently exposed and blocked a highly sophisticated malware operation known as GuptiMiner.

Our Threat Labs recently exposed a highly sophisticated malware operation known as “GuptiMiner”, which targets corporate networks specifically. Our team of experts got into research mode right away!

They found out that GuptiMiner exploited a vulnerability in the eScan antivirus update process, quietly infiltrating corporate networks to unleash its malicious payloads. Our team collaborated closely with eScan and India CERT to rectify this vulnerability, thereby helping to safeguard countless users from potential harm.

The threat at a glance

GuptiMiner isn’t merely another malware. It’s an orchestrated suite of malicious tools and cryptocurrency miners, designed to breach and lurk within large corporate networks.

This operation is a masterclass in stealth and versatility. It uses one backdoor to look for weaknesses it can exploit, found in older computers over local networks. Through another backdoor targets private keys and crypto wallets, and it also has the capability to install more harmful components. On top of all this, GuptiMiner also uses XMRig–a popular open-source software–to mine cryptocurrency.

What sets GuptiMiner apart is its sophistication and the strategic timing of its payload deployments–often during system shutdowns when defenses are low and monitoring decreases.

Where does it come from

This campaign, executed by an as-yet-unidentified threat actor, seems to have possible ties to Kimsuky, a notorious APT group emanating from North Korea. They’re known for their advanced persistent threats and state-sponsored cyber activities. This revelation underscores both the complexity of the threat and its potential geopolitical ramifications.

Who's at risk

The primary risk extends to users of eScan, who may be using an affected version of the software. It’s crucial to have the latest version of the antivirus, which isn’t vulnerable to this attack.

What to do if infected

Fortunately, a capable antivirus program can detect and remove threats like GuptiMiner. Running a comprehensive scan with an updated antivirus will help identify and mitigate the issue in case the system is compromised.

Simplifying the complex

While the technical depths of GuptiMiner are a subject of interest within cybersecurity circles, our priority is understanding the ins and outs of this threat and the protective measures needed to combat it. The discovery of this campaign and the subsequent collaboration with eScan and India CERT to address the vulnerability is a testament to our unwavering commitment to cybersecurity. It’s a clear example of the ever-evolving landscape of cyber threats and the importance of staying ahead in this game of digital cat-and-mouse.

For those who want to delve deeper into the intricate workings of GuptiMiner and our comprehensive response, we invite you to explore the full technical analysis here.

Stay informed, stay secure, and remember, the digital realm is as vast as it is vulnerable. Vigilance and preparedness are your best allies in this ongoing battle against cybercrime.


Related articles

--> -->