A sophisticated supply chain attack has compromised over 100 automotive dealerships across the country, exposing countless visitors to malware infection. The attack leveraged a shared video service specifically used by auto dealerships, injecting malicious code that redirected unsuspecting users to fraudulent webpages designed to install the dangerous SectopRAT remote access trojan on their systems.

Security researcher Randy McEoin identified that the attack vector originated from a compromised script hosted at “idostream.com,” a streaming media service provider based in Manchester, Connecticut, that serves the automotive industry. The specific compromised file was identified as “les_video_srp.js,” which contained obfuscated code designed to load additional malicious content.

The attack showed sophistication in its social engineering approach, making victims believe they were simply completing a standard verification process when in reality they were installing dangerous malware. When executed, the PowerShell command would download a ZIP file (Lancaster.zip) containing the SectopRAT malware, which provides attackers with remote access to infected systems, potentially leading to credential theft and data exfiltration.

The third-party service LES Automotive has reportedly remediated the issue, though the full extent of the compromise and the number of affected users remain unclear.
This Cyber News was published on cybersecuritynews.com. Publication date: Sun, 16 Mar 2025 13:30:18 +0000