Espionage malware returns with new toolset

July 26, 2014

A variant of a highly damaging espionage malware, one that attacked governments and other enterprises around the globe early last year, has returned.

Named MiniDuke, the malware previously operated through a vulnerability in Adobe Reader. Now, attackers have redeployed the advanced virus as an attachment. Used under the names CosmicDuke and TinyBaron, the malware is now being spread, according to SCMagazine, via spear-phishing and impostor applications.

These impostor applications can imitate a range of services, with Google and Adobe software likely to be impersonated. The malware is able to trick users by disguising file size, file information and even icons.

In addition to new functionality and a new name, another set of victims is being targeted this time around. Kurt Baumgartner, a principal security researcher with Kaspersky Lab, shed light on the possible victims when speaking to SCMagazine.

"Some are clustered around controlled and illegal substances, and others are clustered around telecoms, government, military, and energy [sectors]," Baumgartner said.

The malware was found by Kaspersky and CrySys Lab to have struck 59 victims across 23 countries since inception in 2012. Government offices were a large target, with Belgium, Romania and Ireland all being hit.

Reports from Romanian anti-virus firm Bitdefender indicated that it could have been in use as far back as 2011.

There's no doubt that businesses need to be aware of the dangers malware poses, and put appropriate security audit processes in place to locate possible malicious files on staff computers.

Malware is a constant threat to both businesses and governments around the globe, disrupting and damaging computer operations. Often disguised as harmless software, its effects are highly damaging, and every possible measure needs to be taken to ensure security.

Neglecting to do so can lead to significant security compromises.

