SideWinder APT Targets Nepal, Afghanistan in Wide-Ranging Spy Campaign
2020-12-09 19:53

"We identified a server used to deliver a malicious .lnk file and host multiple credential-phishing pages," wrote researchers, in a Wednesday posting.

On the email front, researchers found that many malicious initial files are being used in the campaign, including a .lnk file that in turn downloads an .rtf file and drops a JavaScript file on the target's computer; and a .zip file containing a .lnk file that in turn downloads an.

"All of these cases end up with either the downloading or dropping of files and then the execution of JavaScript code, which is a dropper used to install the main backdoor plus stealer," researchers explained.

SideWinder has used malicious apps as part of its operation before, disguised as photography and file manager tools to lure users into downloading them.


News URL

https://threatpost.com/sidewinder-apt-nepal-afghanistan-spy-campaign/162086/