Security News > 2020 > March > Coronavirus-Themed APT Attack Spreads Malware
An advanced persistent threat group is leveraging the coronavirus pandemic to infect victims with a previously unknown malware, in a recently discovered campaign that researchers call "Vicious Panda."
Researchers identified two suspicious Rich Text Format files targeting the Mongolian public sector.
Once opened, a custom and unique remote-access trojan is executed that takes screenshots of the device, develops a list of files and directories, downloads files and more.
After the victim opens the specially crafted RTF document, and the Microsoft Word vulnerability is exploited, a malicious file is dropped into the Microsoft Word startup folder.
"The threat actor operates the C&C server in a limited daily window, going online only for a few hours each day, making it harder to analyze and gain access to the advanced parts of the infection chain," said researchers.
News URL
Related news
- Silver Fox APT Uses Winos 4.0 Malware in Cyber Attacks Against Taiwanese Organizations (source)
- China-Linked APT Aquatic Panda: 10-Month Campaign, 7 Global Targets, 5 Malware Families (source)
- ⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More (source)
- Chinese FamousSparrow hackers deploy upgraded malware in attacks (source)
- Open-source malware doubles, data exfiltration attacks dominate (source)
- Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware (source)
- New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner (source)