Pocostick

Malware updated 19 days ago (2024-11-29T14:49:45.055Z)
Pocostick, also known as MGBot, is a malware family used to compromise and damage computer systems. It reaches victims through suspicious downloads, emails, or websites, typically without the user's knowledge, and once installed it can steal personal information, disrupt operations, or hold data for ransom. Pocostick was one of several malware families deployed in a campaign in which attackers manipulated DNS responses for software-update traffic. The attackers intercepted DNS requests and answered them with malicious IP addresses, abusing automatic update mechanisms that fetch updates over plain HTTP rather than HTTPS. ESET confirmed this infection vector in its report, highlighting the exposure of systems that rely on update channels without transport security. As a result, applications that attempted to retrieve their updates installed malware instead: the legitimate updates were replaced with malicious payloads such as MACMA and Pocostick, infecting the system. This attack method underscores the need for authenticated, encrypted update mechanisms and for monitoring of DNS resolution to detect and prevent similar incidents.
Description last updated: 2024-10-17T11:42:24.878Z
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so the following are possible overlapping names and profiles that may also be relevant.

- MacMa (2 votes) is a possible alias for Pocostick. Macma is a malware, first detailed by Google in 2021, that has been used since at least 2019. It is a modular backdoor that supports multiple functionalities such as device fingerprinting, executing commands, screen capture, keylogging, audio capture, and uploading and downloading files. Macma, ofte
- Mgbot (2 votes) is a possible alias for Pocostick. MgBot is malicious software (malware) discovered by ESET, designed to exploit and damage computer systems. It can infiltrate systems via suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it is capable of stealing personal information, disrupting operations, and
Miscellaneous Associations
Other elements of context that could aid in identifying relevance: Malware