APRIL 15, 2019

Top Stories: Malware in Moscow and Taj Mahal Spyware

Roving Russia - Baldr, a new form of information-stealing malware, is found to be gathering interest on Russian underground forums. Far from child's play, the technologically advanced information stealer is common in rapid-fire attacks and phishing. It is uniquely disposed to capture hoards of information: beyond the common machine data, browser history and stored passwords, it can also gather information on the existence of cryptocurrency wallets, VPNs, Telegram and Jabber. The malware then cycles through the files in key PC locations to extract information from important file types.

Taj Mahal Spyware – Cybersecurity researchers at Kaspersky Lab unveiled the existence of a highly sophisticated spyware framework that had gone undetected for the last five years. Dubbed TajMahal, the malware bears no connection to the famous heritage site; the name comes from the stolen data that was transferred to the attackers' C&C server in an XML file named Taj Mahal. The APT framework is a high-tech modular toolkit that not only supports a vast number of malicious plugins for distinct espionage operations, but also comprises never-before-seen spyware and obscure tricks.

Lazarus Strikes Again - The Lazarus Group hacking operation, thought to be controlled by the North Korean government, has a new malware toy to pitch at potential targets, worrying the US. The new piece of spyware is capable of securely connecting to a control server and uploading pilfered files from an infected machine. Known as "Hoplight," the malware is a collection of nine files, though most of those are designed to work as obfuscation layers to keep admins and security software from spotting the attack.

The Trisis Crisis - Yet another critical infrastructure organization was found infiltrated with the Triton/Trisis malware tools. The tools were infamously used in a 2017 attack that shut down the safety instrumented system at a petrochemical plant in Saudi Arabia; Nathan Brubaker, a senior manager of FireEye's cyber-physical intelligence team, said this represents the latest publicly revealed attack. FireEye Mandiant revealed that it recently discovered the Triton/Trisis attack code installed at a second industrial organization and that it is currently conducting an ongoing incident response investigation into the attack.

Learn more about Deep Instinct's Cybersecurity Solution.