Interesting findings by about Computrace/LoJack (UEFI rootkit) malicious activity. We already discussed LoJack low-level details in #BHASIA talk last year (from slide 33)
Alex Matrosov, May 2, 2018

ASERT recently discovered Lojack agents containing malicious C2s. These hijacked agents pointed to suspected Fancy Bear (a.k.a.
government have both attributed Fancy Bear activity to Russian espionage activity. Fancy Bear actors typically choose geopolitical targets, such as governments and international organizations. They also target industries that do business with such organizations, such as defense contractors.

Lojack, formally known as Computrace, is a legitimate laptop recovery solution used by a number of companies to protect their assets should they be stolen. Lojack makes an excellent double-agent due to appearing as legit software while natively allowing remote code execution. Although the initial intrusion vector for this activity remains unknown, Fancy Bear often utilizes phishing email to deliver payloads.

Wikipedia on LoJack: “Analysis of Computrace by Kaspersky Lab shows that in rare cases, the software was preactivated without user authorization. The software agent behaves like rootkit (bootkit), reinstalling a small installer agent into the Windows OS at boot time. This installer later downloads the full agent from Absolute’s servers via the internet. This installer (small agent) is vulnerable to certain local attacks and attacks from hackers who can control network communications of the victim.”

The Canadian ISV/IHV Absolute Software Corporation is working with the European branch of the Chinese OEM Lenovo, to apply CompuTrace - now called Absolute(R) - silicon/firmware-level tracking technology within Europe.

Excerpt of press release:

Absolute Collaborates with Lenovo EMEA to Introduce European Factory Activation

Absolute Software Corporation, the industry standard for persistent endpoint security and data risk management solutions, today announced the Company has entered into an agreement with Lenovo EMEA to introduce European factory activation of Absolute Data & Device Security (DDS) (formerly Absolute Computrace).