APT28, the Russian hacking group tied to last year's interference in the 2016 presidential election, has long been known for its advanced arsenal of tools for penetrating Windows, iOS, Android, and Linux devices. Now, researchers have uncovered an equally sophisticated malware package the group used to compromise Macs.
Like its counterparts for other platforms, the Mac version of Xagent is a modular backdoor that can be customized to meet the objectives of a given intrusion, researchers from antivirus provider Bitdefender reported in a blog post published Tuesday. Capabilities include logging passwords, snapping pictures of screen displays, and stealing iOS backups stored on the compromised Mac.
The discovery builds on the already considerable number of tools attributed to APT28, which other researchers call Sofacy, Sednit, Fancy Bear, and Pawn Storm. According to researchers at CrowdStrike and other security firms, APT28 has been operating since at least 2007 and is closely tied to the Russian government. An analysis Bitdefender published last year determined APT28 members spoke Russian, worked mostly during Russian business hours, and pursued targets located in Ukraine, Spain, Russia, Romania, the US, and Canada.
News in brief: flying cabs for Dubai; UK hit by cyberattacks; Googlers quit after earning too much money
Over the course of the last year, a number of human rights organizations, labor unions, and journalists were targeted in a "phishing" campaign that attempted to steal the Google credentials of targets by luring them into viewing documents online. The campaign, uncovered by Amnesty International, is interesting largely because of the extent to which whoever was behind the attack used social media to create a complete persona behind the messages—a fictional rights activist named Safeena Malik.
Malik translates from Arabic as "King," so Amnesty International refers to the spear-phishing campaign in a report posted to Medium today as "Operation Kingphish."
The party or parties behind the operation created Facebook, Google, LinkedIn, and Twitter profiles for "Safeena Malik" using a young woman's photos, which were apparently harvested from another social media account. "It appears that the attackers may have impersonated the identity of a real young woman and stole her pictures to construct the fake profile," wrote Nex, a security researcher working with Amnesty International, "along with a professional biography also stolen from yet another person."
A new web fingerprinting technique can identify your computer directly on the internet. Fortunately, it is very slow
Getting Serious. While Shamoon still shrieks “I am back” all over GCC countries, a completely new “bad boy” spam campaign is hitting servers. This VBScript malware document seems to be newborn or revamped and had no traces anywhere, at least while I am typing this. Various entities across GCC received several spam emails embedded with a malicious […]
The post New Born Macro Malware Dropping Rootkits Using a Fileless Infection Vector appeared first on InfoSec Resources.
In this part of the article series, we will look at how to examine the inner workings of a piece of malware. In Part 1 and Part 2 we worked on the behavioral analysis of the specimen. In this article, we will look at the code level of the specimen discussed in Part 2. We will […]