Security News > 2020 > December > It's not just the economy and bad management messing with Kmart - ransomware crews are there too

It's not just the economy and bad management messing with Kmart - ransomware crews are there too
2020-12-07 15:24

Russian security shop Kaspersky has warned about the crew dubbed DeathStalker, which has new malware up for sale as a hacking-for-hire service.

The DeathStalker team seems to make a target of legal and financial services companies and the new malware hides itself in images of pictures of ferns and peppers and uses a DNS over HTTPS to set up a channel to exfiltrate data.

"PowerPepper once again proves that DeathStalker is a creative threat actor: one capable of consistently developing new implants and toolchains in a short period of time," said Pierre Delcher, security expert at Kaspersky.

"PowerPepper is already the fourth malware strain affiliated with the actor, and we have discovered a potential fifth strain. Even though they are not particularly sophisticated, DeathStalker's malware has proven to be quite effective, perhaps because their primary targets are small and medium-sized organizations - that tend to have less robust security programs. We expect DeathStalker to remain active, and we will continue to monitor its campaigns."

Ratcliffe first denied that any browsing data was harvested but has now amended that to admit: "One of those 61 orders resulted in the production of information that could be characterized as information regarding browsing," the New York Times reported.


News URL

https://go.theregister.com/feed/www.theregister.com/2020/12/07/in_brief_security/