Hackers use new PowerMagic and CommonMagic malware to steal data
Security News, March 2023
Security researchers have discovered attacks from an advanced threat actor that used "a previously unseen malicious framework" called CommonMagic and a new backdoor called PowerMagic.
Researchers at cybersecurity company Kaspersky say that the hackers are interested in collecting data from victims in Donetsk, Lugansk, and Crimea.
Once inside the victim network, the attackers behind the CommonMagic espionage campaign can use separate plugins to steal documents and files from USB devices. The malware used can also take screenshots every three seconds using the Windows Graphics Device Interface API.
The researchers believe that the initial infection vector is spear phishing or a similar method to deliver a URL pointing to a ZIP archive with a malicious LNK file.
Following the PowerMagic infection, the targets were infected with CommonMagic, a collection of malicious tools that the researchers had not seen before these attacks.
Leonid Besverzhenko, security researcher at Kaspersky's Global Research and Analysis Team, told BleepingComputer that the PowerMagic backdoor and the CommonMagic framework were used in dozens of attacks.
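The delivery step described above (a ZIP archive carrying an LNK file) is something a mail or download gateway can triage. The following Python code is an added example, not taken from the article or from Kaspersky's research: it flags ZIP members that carry the Windows Shell Link header, whatever their file name. The function names, the sample archive, and the command-line-arguments check are assumptions made for illustration; that check is a generic triage signal, not a detail reported for this campaign.

```python
import io
import struct
import zipfile

# Shell Link (.LNK) files begin with HeaderSize 0x0000004C followed by the
# LinkCLSID 00021401-0000-0000-C000-000000000046 ([MS-SHLLINK] section 2.1).
LNK_MAGIC = struct.pack("<I", 0x4C) + bytes.fromhex("0114020000000000c000000000000046")
HAS_ARGUMENTS = 0x20  # LinkFlags bit: the shortcut carries command-line arguments


def find_lnk_members(zip_bytes):
    """Return [(member_name, reasons)] for ZIP members that look like shortcuts."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            with archive.open(info) as member:
                head = member.read(24)  # 20-byte magic + 4-byte LinkFlags
            reasons = []
            is_lnk = head[:20] == LNK_MAGIC
            named_lnk = info.filename.lower().endswith(".lnk")
            if is_lnk and not named_lnk:
                reasons.append("shell-link header under a non-.lnk name")
            elif is_lnk:
                reasons.append("shell-link header")
            elif named_lnk:
                reasons.append(".lnk name without shell-link header")
            if is_lnk and len(head) == 24:
                flags = struct.unpack_from("<I", head, 20)[0]
                if flags & HAS_ARGUMENTS:
                    reasons.append("has command-line arguments")
            if reasons:
                findings.append((info.filename, reasons))
    return findings


def build_sample_zip():
    """Constructed sample: one text file and two minimal 76-byte LNK headers."""
    lnk_header = LNK_MAGIC + struct.pack("<I", HAS_ARGUMENTS) + bytes(52)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("readme.txt", "constructed sample text")
        archive.writestr("report.pdf.lnk", lnk_header)
        archive.writestr("notes.docx", lnk_header)
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in find_lnk_members(build_sample_zip()):
        print(name, "->", "; ".join(reasons))
```

Matching on the header rather than the extension catches shortcuts that have been renamed inside the archive; nested archives are not unpacked by this check.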