COVID-Themed Lures Target SCADA Sectors With Data Stealing Malware
2020-04-20 03:58

A new malware campaign has been found using coronavirus-themed lures to strike government and energy sectors in Azerbaijan with remote access trojans capable of exfiltrating sensitive documents, keystrokes, passwords, and even images from the webcam.

According to the researchers, the malware specifically targets supervisory control and data acquisition (SCADA) systems in the energy industry, such as wind turbine systems, whose identities are currently not known.

Using COVID-19 Themed Lures as Decoy

The campaign works by appending PoetRAT to a Word document, which, when opened, executes a macro that extracts the malware and runs it.

Regardless of the attack vector, the Visual Basic Script macro in the document writes the malware to the disk as an archive file named "Smile.zip," which consists of a Python interpreter and the RAT itself.
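The archive layout described above, a Python interpreter shipped next to the RAT's scripts, is something a defender can check for when triaging files dropped by Office documents. The sketch below is an added example, not code from the article or the researchers; the file-name patterns, the `triage_archive` helper and the sample archive contents are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed heuristic (not from the article): file names that indicate a bundled
# CPython runtime, and extensions that indicate Python code shipped beside it.
INTERPRETER_NAMES = {"python.exe", "pythonw.exe"}
SCRIPT_EXTS = {".py", ".pyc", ".pyw"}


def triage_archive(data: bytes) -> dict:
    """Classify a dropped file: is it a zip carrying an interpreter plus scripts?"""
    result = {"is_zip": False, "interpreters": [], "scripts": [], "suspicious": False}
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return result
    result["is_zip"] = True
    with zipfile.ZipFile(buf) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Zip member names use "/" separators; normalise "\" from Windows tools.
            path = PurePosixPath(info.filename.replace("\\", "/"))
            name = path.name.lower()
            if name in INTERPRETER_NAMES or (name.startswith("python3") and name.endswith(".dll")):
                result["interpreters"].append(info.filename)
            elif path.suffix.lower() in SCRIPT_EXTS:
                result["scripts"].append(info.filename)
    # Flag only the combination: a runtime alone or scripts alone are common.
    result["suspicious"] = bool(result["interpreters"] and result["scripts"])
    return result


def _make_zip(names):
    """Build a constructed in-memory zip with placeholder contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"placeholder")
    return buf.getvalue()


# Constructed samples: one mimics the layout the article describes, one is benign.
BUNDLE = _make_zip(["Python37/python.exe", "Python37/python37.dll", "Python37/launcher.py"])
DOCS = _make_zip(["report.docx", "notes/readme.txt"])

if __name__ == "__main__":
    for label, blob in (("bundle", BUNDLE), ("docs", DOCS), ("not-a-zip", b"hello")):
        print(label, triage_archive(blob))
```

A hit is a triage signal rather than a verdict: legitimate software also ships embedded Python, so the result is most useful when the archive was written by an Office process or into a user-writable path.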

The adversary behind the campaign also deployed additional exploitation tools, including "Dog.exe," a .NET-based malware that monitors hard drive paths and automatically transmits the information via an email account or FTP. Another tool called "Bewmac" enables the attacker to seize control of the victim's webcam.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/7yy74VqG4Ho/coronavirus-scada-malware.html