DoNot Team Hackers Updated its Malware Toolkit with Improved Capabilities
2022-08-19 14:04

The Donot Team threat actor has updated its Jaca Windows malware toolkit with improved capabilities, including a revamped stealer module designed to plunder information from Google Chrome and Mozilla Firefox browsers.

The latest findings from Morphisec build on a prior report from cybersecurity company ESET, which detailed the adversary's intrusions against military organizations based in South Asia using several versions of its yty malware framework, one of which is Jaca.

"To understand which modules are used in the current infection, the malware communicates with another C2 server."

The C2 domain, for its part, is obtained by accessing an embedded link that points to a Google Drive document, allowing the malware to access a configuration that dictates the modules to be downloaded and executed.

These modules expand on the malware's features and harvest a wide range of data such as keystrokes, screenshots, files, and information stored in web browsers.

"Defending against APTs like the Donot team requires a Defense-in-Depth strategy that uses multiple layers of security to ensure redundancy if any given layers are breached," the researchers said.


News URL

https://thehackernews.com/2022/08/donot-team-hackers-updated-its-malware.html