Hackers use new PowerMagic and CommonMagic malware to steal data (Security News, March 2023)
Security researchers have discovered attacks from an advanced threat actor that used "a previously unseen malicious framework" called CommonMagic and a new backdoor called PowerMagic.
Researchers at cybersecurity company Kaspersky say that the hackers are interested in collecting data from victims in Donetsk, Lugansk, and Crimea.
Once inside the victim network, the attackers behind the CommonMagic espionage campaign can use separate plugins to steal documents and files from USB devices.
The malware can also capture screenshots every three seconds using the Windows Graphics Device Interface (GDI) API. The researchers believe the initial infection vector is spear phishing or a similar method that delivers a URL pointing to a ZIP archive containing a malicious LNK file.
Following the PowerMagic infection, the targets were infected with CommonMagic, a collection of malicious tools that the researchers have not seen before these attacks.
Leonid Besverzhenko, security researcher at Kaspersky's Global Research and Analysis Team, told BleepingComputer that the PowerMagic backdoor and the CommonMagic framework were used in dozens of attacks.