Coronavirus-Themed APT Attack Spreads Malware
An advanced persistent threat group is leveraging the coronavirus pandemic to infect victims with a previously unknown malware, in a recently discovered campaign that researchers call "Vicious Panda."
Researchers identified two suspicious Rich Text Format files targeting the Mongolian public sector.
Once one of these files is opened, a custom and unique remote-access trojan is executed that takes screenshots of the device, builds a list of files and directories, downloads files and more.
After the victim opens the specially crafted RTF document and a Microsoft Word vulnerability is exploited, a malicious file is dropped into the Microsoft Word startup folder.
"The threat actor operates the C&C server in a limited daily window, going online only for a few hours each day, making it harder to analyze and gain access to the advanced parts of the infection chain," said researchers.