Being Stealth is a Skill
Do androids dream of Electric Sheep?
Hey people,
This is part 21, going strong! Hope your day was good. Let's look at the topics.
1. Archiving Collected Data
In simple terms, archived data is a collection of information that is hidden in plain sight. Once attackers compromise a device, they can archive the data they collect. The archive, often compressed (zip), is stored in places that are hard for the user to find. They also try bundling it with unexplored app files and rarely opened packages. All this effort is just to keep the user unaware of what happened. Transferring a huge number of files can be a hard and complex task, and archiving and compressing them makes the work easier. That's why many prefer archiving the data.

2. Audio Capture
When a system has been compromised, the attacker can use its audio capture capabilities, and the audio is captured without the user's notice. Windows and Linux systems do notify the user that a particular application is using the microphone, so the attacker has to pass it off as a real, legitimate application running in the background. That way the user will not have any suspicion, though it would still be very suspicious for an app to use the mic in the background. Audio capture yields crucial data from internal company meetings, confidential report disclosures and various strategic planning sessions. Attackers can leak this type of data once they get hold of it.

3. Automated Collection
Automated collection works by collecting the desired data from specified file locations. It can be done via system vulnerabilities, and automation is easier with the help of some basic Python/bash scripting. We don't have to go into much detail; sticking to the goal and fetching the required information is enough.

4. Browser Session Hijacking
Browser sessions can be stolen. The session details contain what the user had been doing previously and information about the websites visited, cookies, login information, saved login passwords, etc. Browsers have become a daily necessity for us, so protecting ourselves from these threats is a big thing, and everyone should practice good habits and secure methods.

5. Email Collection
Email collection is one of the easier things to do; all an attacker needs is some breached data. After gaining the data, the attacker can create an automated script which sends a phishing mail to the given recipients. With an email address we can see what kind of websites they were registered on, their online presence, their social media, etc. While email thefts aren't that serious, the aftereffects can be hard to bear.

I guess it's one of those days again. I'll see you again tomorrow with good things to discuss and maybe with a good amount of time to spend.
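
For the "Archiving Collected Data" topic above, here is an added defender-side example (not part of the original post): a Python sweep that flags archives whose content does not match their file extension or that sit in hidden folders. The signature table, the extension allow-list, the function names and the sample tree are assumptions made for illustration.

```python
import gzip
import tempfile
import zipfile
from pathlib import Path

# Leading "magic" bytes of common archive formats, and the extensions that normally carry them.
MAGIC = {b"PK\x03\x04": "zip", b"PK\x05\x06": "zip", b"\x1f\x8b": "gzip",
         b"7z\xbc\xaf\x27\x1c": "7z", b"Rar!\x1a\x07": "rar"}
EXPECTED_EXT = {"zip": {".zip", ".jar", ".apk", ".docx", ".xlsx", ".pptx"},
                "gzip": {".gz", ".tgz"}, "7z": {".7z"}, "rar": {".rar"}}

def archive_kind(path):
    """Return the archive format named by the file's leading bytes, or None."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(8)
    except OSError:  # unreadable file: skip it instead of aborting the sweep
        return None
    return next((kind for magic, kind in MAGIC.items() if head.startswith(magic)), None)

def find_staged_archives(root):
    """Return sorted (relative_path, kind, reasons) for archives that look hidden."""
    findings = []
    for path in Path(root).rglob("*"):
        kind = archive_kind(path) if path.is_file() else None
        if kind is None:
            continue
        rel = path.relative_to(root)
        reasons = []
        if path.suffix.lower() not in EXPECTED_EXT[kind]:
            reasons.append("extension does not match content")
        if any(part.startswith(".") for part in rel.parts):
            reasons.append("hidden path")
        if reasons:
            findings.append((rel.as_posix(), kind, reasons))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample data: one ordinary zip and two archives tucked out of sight."""
    for rel in ("report.zip", "app/assets/cache.dat", ".thumbs/index.gz"):
        Path(root, rel).parent.mkdir(parents=True, exist_ok=True)
    for rel in ("report.zip", "app/assets/cache.dat"):
        with zipfile.ZipFile(Path(root, rel), "w") as z:
            z.writestr("a.txt", "constructed sample")
    Path(root, ".thumbs", "index.gz").write_bytes(gzip.compress(b"constructed sample"))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(*find_staged_archives(tmp), sep="\n")
```

A hit is a lead to review, not proof of compromise: some applications legitimately ship zip-based files under their own extensions, so the allow-list needs tuning per environment.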