WildPressure APT Emerges With New Malware Targeting Windows and macOS
A malicious campaign that has set its sights on industrial-related entities in the Middle East since 2019 has resurfaced with an upgraded malware toolset to strike both Windows and macOS operating systems, symbolizing an expansion in both its targets and its strategy around distributing threats.
WildPressure first came to light in March 2020 through a malware operation distributing a fully-featured C++ Trojan dubbed "Milum" that enabled the threat actor to gain remote control of the compromised device.
"For their campaign infrastructure, the operators used rented OVH and Netzbetrieb virtual private servers and a domain registered with the Domains by Proxy anonymization service," Kaspersky researcher Denis Legezo noted last year.
New malware samples used in WildPressure campaigns have been unearthed, including a newer version of the C++ Milum Trojan, a corresponding VBScript variant with the same version number, and a Python script named "Guard" that works across both Windows and macOS. The Python-based multi-OS Trojan, which makes extensive use of publicly available third-party code, is engineered to beacon the victim machine's hostname, machine architecture, and OS release name to a remote server and check for installed anti-malware products. It then awaits commands from the server that allow it to download and upload arbitrary files, execute commands, update the Trojan, and erase its traces from the infected host.
What's more, in what appears to be an evolution of the modus operandi, the latest campaign - besides relying on commercial VPS - also wove compromised legitimate WordPress websites into its attack infrastructure, with the websites serving as Guard relay servers.
To date, there's neither clear visibility regarding the malware spreading mechanism nor any strong code- or victim-based similarities with other known threat actors.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/tZ2WPtxkI10/wildpressure-apt-emerges-with-new.html