
NetFlash

Posted: March 13, 2020

NetFlash is a Trojan downloader used by the Turla APT, a group of Russia-based hackers that habitually targets government and military networks. As with most Trojan downloaders, it fetches an additional threat from the attacker's server and installs it automatically. Users can protect themselves by monitoring infection vectors such as Flash updates and by using a qualified anti-malware program to delete NetFlash.

Russian Hackers Remaining Far More than a Flash in the Pan

With nations such as Iran, China, the United States, and Israel all playing significant roles in both the cyber-security industry and the threat landscape that security vendors battle, hacking remains a global problem. In particular, Russia's Turla group has earned notoriety for its abuse of Black Hat software such as Reductor, KopiLuwak, Topinambour, and the Skipper backdoor Trojan. However, the latter is getting a replacement, which is being distributed with the aid of a smaller tool: NetFlash.

NetFlash is a Trojan downloader that drops a second threat, PyFlash, a backdoor Trojan that is notably uncharacteristic for its use of Python (not one of the programming languages that Turla ordinarily prefers). NetFlash and its payload are apparent replacements for the better-known Skipper, and PyFlash carries out very similar attacks aimed at gaining access to and control over a compromised Windows PC, including its files, network settings, and so on. By contrast, NetFlash is relatively limited, although it includes a persistence-setting mechanism for its payload, which guarantees that the second Trojan is always running.

The delivery method for NetFlash is of particular interest to malware analysts. Unlike similar drive-by-download attacks, NetFlash's execution hinges on nothing more than a social engineering tactic that requires consent from the user. Turla disguises the Trojan download link as a Flash Player update and bundles a genuine copy of the program with the Trojan. Because no Exploit Kit or similar hazard is involved, however, any victim may refuse the 'update' and easily avoid the infection.

Threat Actors Making the Most of Others' Web Resources

Rather than being opportunistic thieves, Turla is noteworthy for emphasizing highly targeted intelligence collection. In their cyber-reconnaissance efforts, these attackers often compromise very specific domains, such as Armenian government sites that delivered both Skipper and NetFlash's PyFlash from 2019 up to 2020. The specificity of their attacks carries over into the downloading tactics, which use advanced tracking mechanisms like persistent, corrupted cookies to reach the 'right' victim at the desired time.

Site admins can install software security patches and use strong passwords as part of their standards for reducing hacking success rates. All users can also protect their PCs by not following links from e-mail without first verifying the source. Turla and other government-targeting hacking groups can use information relevant to the target in question to maximize clicks, up to and including referencing employee names and additional personal details.

NetFlash is currently a peddler of a backdoor Trojan, something that no one should feel safe having on their PC. What else it might download and deposit is up to Turla, and if their history is anything to go by, the future won't hold anything pleasant for NetFlash's victims.
