Hackers Replace Windows Narrator to Get SYSTEM Level Access

Researchers at Cylance have uncovered a new hacking campaign that takes advantage of the Windows Narrator app, which users can launch from the logon screen before they have entered their credentials. The attackers, who are believed to be operating from China, have developed a malicious version of the app that they use to replace the original on targeted systems. Since the Narrator app runs with SYSTEM privileges, the trojanized version gives threat actors full control over the host machine.

The sophisticated campaign involves multiple stages. In the first stage, the attackers abuse a legitimate NVIDIA app on targeted systems in order to load the PcShare backdoor, which allows them to compromise the machine and replace the local Narrator app with their malicious version.
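
Because the technique depends on swapping the Narrator binary itself, a defender can check whether the file on disk is still a validly signed Windows component. The following is an added example, not code from Cylance or the original brief; it assumes Windows PowerShell 5.1 or later and the default %SystemRoot%\System32\Narrator.exe location, and the function name Test-NarratorIntegrity is hypothetical.

```powershell
# Added example: integrity check for the Narrator binary that can be
# launched from the logon screen.
# Assumption: Narrator is at the default %SystemRoot%\System32\Narrator.exe path.
function Test-NarratorIntegrity {
    [CmdletBinding()]
    param(
        [string]$Path = (Join-Path $env:SystemRoot 'System32\Narrator.exe')
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{ Path = $Path; Trusted = $false; Reason = 'File not found' }
    }

    # Get-AuthenticodeSignature resolves both embedded and catalog signatures.
    $sig    = Get-AuthenticodeSignature -LiteralPath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    # Collect every reason the file fails the check, so the output explains itself.
    $reasons = @()
    if ($sig.Status -ne 'Valid') { $reasons += "Signature status: $($sig.Status)" }
    if (-not $sig.IsOSBinary)    { $reasons += 'Not recognised as an OS binary' }
    if ($signer -notmatch 'O=Microsoft Corporation') { $reasons += "Unexpected signer: '$signer'" }

    [pscustomobject]@{
        Path      = $Path
        Sha256    = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        Signer    = $signer
        LastWrite = (Get-Item -LiteralPath $Path).LastWriteTimeUtc
        Trusted   = ($reasons.Count -eq 0)
        Reason    = ($reasons -join '; ')
    }
}

Test-NarratorIntegrity | Format-List
```

The SHA-256 and last-write time in the output can be compared against a known-good baseline from a clean machine on the same Windows build.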

OODA Analyst
