An apparent espionage campaign that uses three previously unreported malware variants and targets political and government leaders in the Middle East is adding to a wave of phishing attacks that has washed over the region in the wake of a massive move to remote work caused by COVID-19.

The malware was reported last week by Cybereason, which attributed the campaign to an advanced persistent threat (APT) known as Molerats, part of the hacker group called The Gaza Cybergang. Researchers say that the group is politically motivated and has been operating since 2012. Cybereason says it observed the group primarily targeting the UAE, Egypt, Turkey and the Palestinian Territories.

The phishing campaign uses emails with political themes to trick victims into downloading backdoor programmes from social media accounts that issue command and control (C2) instructions.

Phishing attacks generally use fake emails that appear to be from a legitimate source in order to get victims to hand over passwords and other personal data by prompting them to type login details into a website front. Such attacks have increased since pandemic lockdowns forced office staffers, including government officials, to work from home, with cybercriminals taking advantage of an increase in traffic to e-commerce, social media and other sites.

The phishing emails have PDF attachments; when victims click on them they are prompted to download content from a password-protected archive, Cybereason reports. Victims are told they can download content from either Dropbox or Google Drive, and when they attempt to do so the malware installation is triggered.

“While it’s no surprise to see threat actors take advantage of politically charged events to fuel their phishing campaigns, it is concerning to see an increase in social media platforms being used for issuing command and control instructions and other legitimate cloud services being used for data exfiltration activities,” said Lior Div, Cybereason co-founder and CEO, in a press release announcing the report on the new campaign.

SharpStage is .NET malware that is a variant of a backdoor that continues to be developed by Molerats, and it checks for the presence of Arabic on victim machines, thus avoiding execution and possible detection on non-relevant machines, according to the Cybereason report. A Dropbox client API is implemented in SharpStage and is used to communicate with Dropbox using a token to download and exfiltrate data. SharpStage can execute arbitrary commands, take screen captures, and download and execute additional files.

DropBook, by contrast, is a Python-based backdoor that can install programs, execute shell commands received from Facebook or Simplenote, and download additional payloads using Dropbox, Cybereason says. It also checks for the presence of Arabic.
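The report's description of the two backdoors (commands fetched from Facebook or Simplenote, payloads and exfiltrated data moved through Dropbox) points to a simple host-side check a defender can run over proxy or endpoint network logs. The following is an added example, not code from the article or from the Cybereason report: it scans constructed log lines and flags processes that are not browsers or the vendor's own client yet talk to those services, with extra weight when a single process reaches more than one of them or pushes a large volume outbound. The log format, the hostnames, the list of "expected" processes and the upload threshold are all assumptions made for the example.

```python
"""
Added example (not from the article or the Cybereason report): flag
unexpected processes reaching the cloud services the report says the
Molerats backdoors abuse for C2 and exfiltration.
"""
import re
from collections import defaultdict

# Hostnames mapped to the service the article names. The hostnames and
# their grouping are assumptions; the article only names the services.
WATCHED_HOSTS = {
    "api.dropboxapi.com": "dropbox",
    "content.dropboxapi.com": "dropbox",
    "graph.facebook.com": "facebook",
    "www.facebook.com": "facebook",
    "app.simplenote.com": "simplenote",
}

# Processes for which traffic to these services is normal (assumed list).
EXPECTED_PROCESSES = {"chrome.exe", "firefox.exe", "msedge.exe", "dropbox.exe"}

# Assumed key=value proxy-log layout; anything else is treated as malformed.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+host=(?P<host>\S+)\s+user=(?P<user>\S+)\s+"
    r"proc=(?P<proc>\S+)\s+dst=(?P<dst>\S+)\s+bytes_out=(?P<out>\d+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it is malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["out"] = int(rec["out"])
    return rec


def find_suspicious(lines, upload_threshold=1_000_000):
    """Return {(host, proc): finding} for processes outside EXPECTED_PROCESSES
    that contacted a watched service.

    Each finding records the services reached, total outbound bytes and a
    list of reasons: 'unexpected-process' always; 'multi-service' when one
    process touches more than one service (the DropBook pattern: commands
    from Facebook/Simplenote, payloads from Dropbox); 'large-upload' when
    outbound volume exceeds upload_threshold (possible exfiltration).
    """
    agg = defaultdict(lambda: {"services": set(), "bytes_out": 0, "reasons": []})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        service = WATCHED_HOSTS.get(rec["dst"].lower())
        if service is None or rec["proc"].lower() in EXPECTED_PROCESSES:
            continue
        key = (rec["host"], rec["proc"].lower())
        agg[key]["services"].add(service)
        agg[key]["bytes_out"] += rec["out"]

    findings = {}
    for key, f in agg.items():
        reasons = ["unexpected-process"]
        if len(f["services"]) > 1:
            reasons.append("multi-service")
        if f["bytes_out"] > upload_threshold:
            reasons.append("large-upload")
        f["reasons"] = reasons
        findings[key] = f
    return findings


# Constructed sample log: one browser, one legitimate Dropbox client, one
# scripted process using two services, one process uploading a lot, and a
# malformed line that the parser must skip.
SAMPLE_LOG = """
2020-12-10T09:14:02Z host=WS-17 user=alice proc=chrome.exe dst=www.facebook.com bytes_out=2100
2020-12-10T09:15:11Z host=WS-17 user=alice proc=python.exe dst=app.simplenote.com bytes_out=512
2020-12-10T09:15:40Z host=WS-17 user=alice proc=python.exe dst=content.dropboxapi.com bytes_out=3200
2020-12-10T09:16:05Z host=WS-22 user=bob proc=dropbox.exe dst=api.dropboxapi.com bytes_out=88000
2020-12-10T09:17:30Z host=WS-31 user=carol proc=updater.exe dst=api.dropboxapi.com bytes_out=4500000
this line is not a log record
""".strip().splitlines()


if __name__ == "__main__":
    for (host, proc), f in sorted(find_suspicious(SAMPLE_LOG).items()):
        print(f"{host} {proc}: services={','.join(sorted(f['services']))} "
              f"bytes_out={f['bytes_out']} reasons={','.join(f['reasons'])}")
```

Because both backdoors are reported to check for Arabic before running, a sandbox without an Arabic locale may never see the payload execute; a network-side check like this one complements detonation analysis rather than replacing it, and the expected-process list should be tuned to the environment to keep legitimate Dropbox or Facebook traffic out of the findings.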