Researcher Spots New Malware Claimed to be 'Tailored for Air‑Gapped Networks'
2020-05-13 07:54

A cybersecurity researcher at ESET today published an analysis of a new piece of malware, a sample of which they spotted on the VirusTotal malware scanning engine. They believe the hacker behind it is likely interested in some high-value computers protected behind air‑gapped networks.

Dubbed 'Ramsay,' the malware is still under development, with two more variants spotted in the wild, and, based upon the details the researcher shared, doesn't yet appear to be a complex attacking framework.

According to ESET researcher Ignacio Sanmillan, Ramsay infiltrates targeted computers through malicious documents, potentially sent via a spear-phishing email or dropped using a USB drive, and then exploits an old code execution vulnerability in Microsoft Office to take hold of the system.

Honestly, there's no clear answer to this at this moment, but the researcher speculates that the malware might have been 'tailored for air‑gapped networks' with similar scenarios, considering that the only option left is to physically access the machine and steal the collected data with a weaponized USB. 'It is important to notice that there is a correlation between the target drives Ramsay scans for propagation and control document retrieval,' the ESET researcher said.

"USBStealer systematically copied the stolen data on the removable drive used between System A and System B, while Ramsay stages the stolen data locally for a future explicit exfiltration."


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/bfDPCQF6AFk/airgap-network-malware.html