HTTP Status Codes Command This Malware How to Control Hacked Systems

2020-05-15 02:43

A new version of COMpfun remote access trojan has been discovered in the wild that uses HTTP status codes to control compromised systems targeted in a recent campaign against diplomatic entities in Europe.

In addition to functioning as a fully-featured RAT capable of capturing keystrokes, screenshots, and exfiltrating sensitive data, this new variant of COMpfun monitors for any removable USB devices plugged to the infected systems to spread further and receives commands from an attacker-controlled server in the form of HTTP status codes.

"Several HTTP status codes from the Client Error class let the Trojan know what the operators want to do. After the control server sends the status 'Payment Required', all these previously received commands are executed."

HTTP status codes are standardized responses issued by a server in response to a client's request made to the server.

While the exact modus operandi behind how the malicious visa application is delivered to a target remains unclear, the initial dropper, upon download, runs the next stage of malware, which communicates with the command-and-control server using an HTTP status-based module.

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/P0g3H2YLRTs/malware-http-codes.html

#hacked #http #malware