Hello, welcome to the Thursday, April 1st, 2021 edition of the Santernut Storm Center's Stormcast.

My name is Johannes Ulrich, and then I'm recording from Jacksonville, Florida.

Xavier today wrote up an info stealer that he came across.

This particular maver arrives as a multi-volume archive, so the extension is .001, which of course is, again, trying to attempt to bypass some filters inside, just a simple executable.

The malware will then in regular intervals take screenshots and upload them to the attackers'

command and control server. That server loads the good old Amadei command control panel,

very old-fashioned in some ways and goes back at least five years, but apparently still successful.

Xavier was able to identify 461 uploaded screenshots waiting on the command and control server.

And Google released an update for Google Chrome.

This update fixes eight different vulnerabilities, six of which are labeled as high-end may lead

to code execution.

But that's not the only update we got with respect to Google Chrome in future versions

and as soon as the next few versions of Google Chrome,

Google Chrome will start to support DNS over HTTP on Linux.

Now if you're saying, well, Google Chrome has supported DNS over HTTP for about a year or so now, by default pretty much.

Well, this was not the case for Linux.

The problem here was that Google Chrome essentially usually uses its own DNS resolver,

but it tries to make this DNS resolverolver behave like the operating systems native one

in the sense that it's using the same recursive name servers.

On most operating systems, it's pretty straightforward to figure out what the recursive

name servers are in Linux.

That's a little bit more complicated because of the NSSwitch.com file.

...