Sneaky malware disguises itself as an Adobe Flash Player installer #Have_Been

Sneaky malware disguises itself as an Adobe Flash Player installer #Have_Been

January 12, 2019 0 By NewsTakers

Video: Gazer malware enables hacking group to spy on Europe’s embassies
A state-sponsored hacking operation is targeting diplomats, using a new attack that bundles malware with a legitimate software update.
The hacking operation has a history of targeting government and diplomatic bodies using watering-hole attacks and spear-phishing campaigns , which often involve the use of false Flash downloads, to infiltrate victim’s systems.
What is known is that the Turla group relies on a web app hosted on Google Apps Script as a command-and-control server for JavaScript-based malware.
It’s something researchers say demonstrates how the attackers are attempting to remain as stealthy as possible by hiding in the network traffic of targeted organisations.
One form of malware that the attackers attempt to drop is Mosquito, a backdoor associated with previous Turla campaigns and likely to be custom-built by the hacking outfit.
The attacks are thought to be the work of a state-backed group.
Researchers also add that some of the victims have been infected with other Turla-related malware such as ComRAT or Gazer , suggesting there’s a strong link between the campaigns, which all have a strong interest in consults and embassies in Eastern Europe and are noted to have “put a lot of effort into keeping their remote access to these important sources of information”.
A sophisticated hacking group is using satellites in a novel manner to disguise their tracks.
The Turla hacking group is using the new Gazer backdoor to conduct espionage, according to researchers at ESET.

Source link