Security News > 2020 > March > Coronavirus-Themed APT Attack Spreads Malware

Coronavirus-Themed APT Attack Spreads Malware
2020-03-13 16:40

An advanced persistent threat group is leveraging the coronavirus pandemic to infect victims with a previously unknown malware, in a recently discovered campaign that researchers call "Vicious Panda."

Researchers identified two suspicious Rich Text Format files targeting the Mongolian public sector.

Once opened, a custom and unique remote-access trojan is executed that takes screenshots of the device, develops a list of files and directories, downloads files and more.

After the victim opens the specially crafted RTF document, and the Microsoft Word vulnerability is exploited, a malicious file is dropped into the Microsoft Word startup folder.

"The threat actor operates the C&C server in a limited daily window, going online only for a few hours each day, making it harder to analyze and gain access to the advanced parts of the infection chain," said researchers.


News URL

https://threatpost.com/coronavirus-apt-attack-malware/153697/?utm_source=rss&utm_medium=rss&utm_campaign=coronavirus-apt-attack-malware