Hackers use new PowerMagic and CommonMagic malware to steal data
2023-03-21 20:33

Security researchers have discovered attacks from an advanced threat actor that used "a previously unseen malicious framework" called CommonMagic and a new backdoor called PowerMagic.

Researchers at cybersecurity company Kaspersky say that the hackers are interested in collecting data from victims in Donetsk, Lugansk, and Crimea.

Once inside the victim network, the attackers behind the CommonMagic espionage campaign can use separate plugins to steal documents and files from USB devices.

The malware used can also take screenshots every three seconds using the Windows Graphics Device Interface API.

The researchers believe that the initial infection vector is spear phishing or a similar method to deliver a URL pointing to a ZIP archive with a malicious LNK file.

Following the PowerMagic infection, the targets were infected with CommonMagic, a collection of malicious tools that the researchers had not seen before these attacks.

Leonid Besverzhenko, security researcher at Kaspersky's Global Research and Analysis Team, told BleepingComputer that the PowerMagic backdoor and the CommonMagic framework were used in dozens of attacks.


News URL

https://www.bleepingcomputer.com/news/security/hackers-use-new-powermagic-and-commonmagic-malware-to-steal-data/