Coronavirus-Themed APT Attack Spreads Malware (Security News, March 2020)
An advanced persistent threat group is leveraging the coronavirus pandemic to infect victims with a previously unknown malware, in a recently discovered campaign that researchers call "Vicious Panda."
Researchers identified two suspicious Rich Text Format files targeting the Mongolian public sector.
Once a victim opens one of the files, a custom and unique remote-access trojan is executed that takes screenshots of the device, builds a list of files and directories, downloads files and more.
After the victim opens the specially crafted RTF document and the Microsoft Word vulnerability is exploited, a malicious file is dropped into the Microsoft Word startup folder.
"The threat actor operates the C&C server in a limited daily window, going online only for a few hours each day, making it harder to analyze and gain access to the advanced parts of the infection chain," said researchers.