Security News > 2020 > March > Coronavirus-Themed APT Attack Spreads Malware
An advanced persistent threat group is leveraging the coronavirus pandemic to infect victims with a previously unknown malware, in a recently discovered campaign that researchers call "Vicious Panda."
Researchers identified two suspicious Rich Text Format files targeting the Mongolian public sector.
Once opened, a custom and unique remote-access trojan is executed that takes screenshots of the device, develops a list of files and directories, downloads files and more.
After the victim opens the specially crafted RTF document, and the Microsoft Word vulnerability is exploited, a malicious file is dropped into the Microsoft Word startup folder.
"The threat actor operates the C&C server in a limited daily window, going online only for a few hours each day, making it harder to analyze and gain access to the advanced parts of the infection chain," said researchers.
News URL
Related news
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)
- SideWinder APT Strikes Middle East and Africa With Stealthy Multi-Stage Attack (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- APT-K-47 Uses Hajj-Themed Lures to Deliver Advanced Asyncshell Malware (source)