Security News > 2024 > January > Google: Russian FSB hackers deploy new Spica backdoor malware
Google says the ColdRiver Russian-backed hacking group is pushing previously unknown backdoor malware using payloads masquerading as a PDF decryption tool.
"COLDRIVER presents these documents as a new op-ed or other type of article that the impersonation account is looking to publish, asking for feedback from the target. When the user opens the benign PDF, the text appears encrypted," Google TAG said.
Even though this fake decryption software will display a decoy PDF document, it will backdoor the victims' devices using a malware strain dubbed Spica by security researchers with Google's Threat Analysis Group, who spotted the attacks.
The Spica Rust-based malware uses JSON over websockets to communicate with its command-and-control server, and it helps to run arbitrary shell commands, steal Chrome, Firefox, Opera, and Edge cookies, upload and download files, and exfiltrate documents.
"TAG has observed SPICA being used as early as September 2023, but believe that COLDRIVER's use of the backdoor goes back to at least November 2022," Google TAG said.
Charming Kitten hackers use new 'NokNok' malware for macOS. Russian military hackers target Ukraine with new MASEPIE malware.
News URL
Related news
- Wanted Russian Hacker Linked to Hive and LockBit Ransomware Arrested (source)
- SpyLoan Android malware on Google play installed 8 million times (source)
- 8 Million Android Users Hit by SpyLoan Malware in Loan Apps on Google Play (source)
- North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Hackers Target Uyghurs and Tibetans with MOONSHINE Exploit and DarkNimbus Backdoor (source)
- New Android spyware found on phone seized by Russian FSB (source)
- Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware (source)
- Badass Russian techie outsmarts FSB, flees Putinland all while being tracked with spyware (source)