Security News > 2023 > June > Camaro Dragon Hackers Strike with USB-Driven Self-Propagating Malware
The Chinese cyber espionage actor known as Camaro Dragon has been observed leveraging a new strain of self-propagating malware that spreads through compromised USB drives.
The cybersecurity company, which found evidence of USB malware infections in Myanmar, South Korea, Great Britain, India, and Russia, said the findings are the result of a cyber incident that it investigated at an unnamed European hospital in early 2023.
"Consequently, upon returning to the healthcare institution in Europe, the employee inadvertently introduced the infected USB drive, which led to spread of the infection to the hospital's computer systems," the company said.
The latest infection chain comprises a Delphi launcher known as HopperTick that's propagated via USB drives and its primary payload dubbed WispRider, which is responsible for infecting the devices when they are attached to a machine.
"When a benign USB thumb drive is inserted into an infected computer, the malware detects a new device inserted into the PC and manipulates its files, creating several hidden folders at the root of the thumb drive," Check Point researchers said.
"The Camaro Dragon APT group continues to employ USB devices as a method for infecting targeted systems, effectively combining this technique with other established tactics," the researchers said.
News URL
https://thehackernews.com/2023/06/camaro-dragon-hackers-strike-with-usb.html
Related news
- North Korean Hackers Target Cryptocurrency Users on LinkedIn with RustDoor Malware (source)
- North Korean Hackers Target Energy and Aerospace Industries with New MISTPEN Malware (source)
- Chinese Hackers Exploit GeoServer Flaw to Target APAC Nations with EAGLEDOOR Malware (source)
- Hackers deploy AI-written malware in targeted attacks (source)
- N. Korean Hackers Deploy New KLogEXE and FPSpy Malware in Targeted Attacks (source)
- FIN7 hackers launch deepfake nude “generator” sites to spread malware (source)
- N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware (source)