Friday, March 1, 2024

More details on info-stealing malware emerge


On the 17th of July 2012, Kaspersky Lab and Seculert announced the discovery of Madi, an on-going cyber-espionage campaign in the Middle East.

The Madi attackers infected more than 800 victims in Iran, Israel, Afghanistan, and other countries across the globe (image: stock.xchng)

The Madi attackers infected more than 800 victims in Iran, Israel, Afghanistan, and other countries across the globe with a malicious info-stealing Trojan, delivered to carefully selected targets via social engineering schemes.

Kaspersky Lab’s experts published a detailed technical analysis of the info-stealing malware used by the Madi attackers. The analysis provides technical examples and explanations of each primary function of the info-stealing Trojan, and details how it is installed on an infected machine, logs keystrokes, communicates with the C&C servers, steals and exfiltrates data, monitors communications, records audio, and captures screenshots.

Summary Findings:

· Overall, the components of the Madi campaign are unsophisticated despite the high infection count of more than 800 victims.

· The development of the Madi info-stealing Trojan was an extremely rudimentary approach, judging by the attackers’ coding style, programming techniques and poor use of Delphi.

· Most of the info-stealer’s actions and communications with the C&C servers occur through external files, which is a disorganised and elementary way of coding in Delphi.

· Despite the crude coding of the malware, high-profile victims were infected by the info-stealing Trojan after being tricked by social engineering schemes deployed by the Madi attackers.

· The Madi campaign demonstrates that even low-quality malware can still successfully infect machines and steal data, so users should be increasingly careful of suspicious emails.

· No advanced exploit techniques or zero-days are used anywhere in the malware, which makes the overall success of the campaign very surprising.

· Madi was a low-investment campaign in terms of development and operational effort; its return on investment, however, was high considering the number of infected victims and the amount of exfiltrated data.

· Although the malware had some unusual characteristics inside it, there is no solid evidence that points to who its authors are.

Staff writer
