In Search of Riches, Hackers Plant 4G-Enabled Raspberry Pi In Bank Network
Friday August 1, 2025. 02:45 AM , from Slashdot
The researchers then captured the system memory as the beacons were sent. The review identified the process as lightdm, a process associated with an open source LightDM display manager. The process appeared to be legitimate, but the researchers found it suspicious because the LightDM binary was installed in an unusual location. After further investigation, the researchers discovered that the processes of the custom backdoor had been deliberately disguised in an attempt to throw researchers off the scent. [Group-IB Senior Digital Forensics and Incident Response Specialist Nam Le Phuong] explained: 'The backdoor process is deliberately obfuscated by the threat actor through the use of process masquerading. Specifically, the binary is named 'lightdm', mimicking the legitimate LightDM display manager commonly found on Linux systems. To enhance the deception, the process is executed with command-line arguments resembling legitimate parameters (for example, lightdm --session-child 11 19) in an effort to evade detection and mislead forensic analysts during post-compromise investigations. These backdoors were actively establishing connections to both the Raspberry Pi and the internal Mail Server.' Read more of this story at Slashdot.
https://it.slashdot.org/story/25/07/31/2241259/in-search-of-riches-hackers-plant-4g-enabled-raspberr...
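The tell in the story above is not the process name or its arguments (both were copied from the real display manager) but the binary's location. The check below, an added example that is not part of the Slashdot summary or the Group-IB report, flags any process whose name matches a known daemon while its executable sits outside that daemon's expected install paths; the expected paths and the sample process records are assumptions constructed for the example.

```python
"""Flag processes whose name mimics a known daemon but whose binary lives
outside the directories where that daemon is normally installed."""
import os
from dataclasses import dataclass

# Where the impersonated daemon is normally installed (assumption: Debian-style layout).
EXPECTED_PATHS = {"lightdm": {"/usr/sbin/lightdm", "/usr/bin/lightdm"}}

@dataclass
class Proc:
    pid: int
    exe: str          # target of the /proc/<pid>/exe symlink
    cmdline: list     # argv, as split on NUL from /proc/<pid>/cmdline

def is_masquerading(p: Proc) -> bool:
    """True if argv[0] or the exe basename is a known daemon name while the
    binary is not at one of that daemon's expected paths."""
    exe = p.exe[:-10] if p.exe.endswith(" (deleted)") else p.exe
    names = {os.path.basename(exe)}
    if p.cmdline:
        names.add(os.path.basename(p.cmdline[0]))
    return any(exe not in EXPECTED_PATHS[n] for n in names if n in EXPECTED_PATHS)

def scan_procfs() -> list:
    """Read every process from /proc on a live Linux host (root sees all of them)."""
    procs = []
    for d in filter(str.isdigit, os.listdir("/proc")):
        try:
            exe = os.readlink(f"/proc/{d}/exe")
            with open(f"/proc/{d}/cmdline", "rb") as f:
                argv = [a.decode(errors="replace") for a in f.read().split(b"\0") if a]
        except OSError:          # process exited, or no permission to inspect it
            continue
        procs.append(Proc(int(d), exe, argv))
    return procs

def find_suspicious(procs: list) -> list:
    return [p for p in procs if is_masquerading(p)]

# Constructed sample records: a real session child, a disguised copy with the
# same argv but an odd binary location, and an unrelated process.
SAMPLE = [
    Proc(1201, "/usr/sbin/lightdm", ["lightdm", "--session-child", "12", "19"]),
    Proc(4420, "/var/tmp/.cache/lightdm", ["lightdm", "--session-child", "11", "19"]),
    Proc(777, "/usr/bin/bash", ["bash"]),
]

if __name__ == "__main__":
    # Scan the live host when /proc exists, otherwise run over the constructed sample.
    for p in find_suspicious(scan_procfs() if os.path.isdir("/proc") else SAMPLE):
        print(f"pid={p.pid} exe={p.exe} argv={' '.join(p.cmdline)}")
```

Running it against the sample reports only pid 4420; on a live host, review each hit against the package manager's file list before treating it as a finding, since vendor builds can legitimately install a daemon elsewhere.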