
Gamaredon's LittleDrifter USB malware spreads beyond Ukraine
2023-11-20 22:32

A recently discovered worm that researchers call LittleDrifter has been spreading over USB drives, infecting systems in multiple countries, as part of a campaign by the Gamaredon state-sponsored espionage group.

Malware researchers saw indications of compromise in the United States, Ukraine, Germany, Vietnam, Poland, Chile, and Hong Kong, which suggests that the threat group lost control of LittleDrifter and that it reached unintended targets.

According to research from Check Point, the malware is written in VBS and was designed to propagate through USB drives, as an evolution of Gamaredon's USB PowerShell worm.

To achieve its goal, the malware uses two separate modules, which are executed by the heavily obfuscated VBS component trash.

The malware uses Windows Management Instrumentation (WMI) to identify target drives and creates shortcuts with random names to execute malicious scripts.
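A defender can run the same kind of WMI drive query to triage removable media for shortcuts that launch a script host. This is an added example, not code from Check Point or from the article; the script-host list and the `Test-ScriptHostShortcut` helper name are assumptions chosen for illustration.

```powershell
# Added triage example; not taken from the Check Point research.
# Assumption: a shortcut in the root of a removable drive whose target is a
# script host or shell deserves analyst review. Adjust the list to your environment.
$ScriptHosts = 'wscript.exe', 'cscript.exe', 'mshta.exe', 'powershell.exe', 'cmd.exe'

function Test-ScriptHostShortcut {
    # Hypothetical helper: true when the shortcut target is one of $ScriptHosts.
    param([string]$TargetPath)
    $exe = [System.IO.Path]::GetFileName($TargetPath)
    return ($ScriptHosts -contains $exe)   # -contains is case-insensitive
}

# WScript.Shell can open an existing .lnk and expose its target and arguments.
$shell = New-Object -ComObject WScript.Shell

# Win32_LogicalDisk DriveType 2 = removable disk.
$drives = Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 2'

$findings = foreach ($drive in $drives) {
    $root = $drive.DeviceID + '\'
    # -Force includes hidden and system files in the listing.
    Get-ChildItem -LiteralPath $root -Filter '*.lnk' -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $lnk = $shell.CreateShortcut($_.FullName)
            [pscustomobject]@{
                Drive      = $drive.DeviceID
                Shortcut   = $_.Name
                CreatedUtc = $_.CreationTimeUtc
                TargetPath = $lnk.TargetPath
                Arguments  = $lnk.Arguments
                ScriptHost = Test-ScriptHostShortcut -TargetPath $lnk.TargetPath
            }
        }
}

# Show script-host shortcuts first; the rest stay visible for context.
$findings | Sort-Object -Property ScriptHost -Descending | Format-Table -AutoSize -Wrap
```

The script only reads shortcut metadata and does not open or execute anything on the drive.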

Check Point notes that all domains used by the malware are registered under 'REGRU-RU' and use the '.
