

The most recent campaign, uncovered by researchers at Cybereason, targets high-ranking political figures and government officials in Egypt, the Palestinian Territories, Turkey and the UAE, they noted.

Emailed phishing documents are the attack vector, with lures that include various themes related to current Middle Eastern events, including Israeli-Saudi relations, Hamas elections, news about Palestinian politicians, and a reported clandestine meeting between the Crown Prince of Saudi Arabia, the U.S. Secretary of State Mike Pompeo and Israeli Prime Minister Benjamin Netanyahu.

“Analysis of the phishing themes and decoy documents used in the social engineering stage of the attacks show that they revolve mainly around Israel’s relations with neighboring Arab countries as well as internal Palestinian current affairs and political controversies,” Cybereason researchers noted.

In analyzing the offensive, they uncovered the SharpStage and DropBook backdoors (as well as a new version of a downloader dubbed MoleNet), which are interesting in that they use legitimate cloud services for C2 and other activities.

For instance, the DropBook backdoor uses fake Facebook accounts or Simplenote for C2, and both SharpStage and DropBook abuse a Dropbox client to exfiltrate stolen data and for storing their espionage tools, according to the analysis, issued Wednesday.

Cybereason found that both have been observed being used in conjunction with the known MoleRats backdoor Spark, and both have been seen downloading additional payloads, including the open-source Quasar RAT.

Quasar RAT is billed as a legitimate remote administration tool for Windows, but it can be used for malicious purposes, like keylogging, eavesdropping, uploading data, downloading code and so on. It’s been used by various APTs in the past, including MoleRats and the Chinese-speaking APT 10.

The phishing emails arrive with a non-booby-trapped PDF attachment that will evade scanners, according to Cybereason. When a victim clicks it open, they receive a message that they will need to download the content from a password-protected archive. Helpfully, the message provides the password and gives targets the option of downloading from either Dropbox or Google Drive.

.NET malware that appears to be under continuous development. The latest version (a third iteration) performs screen captures and checks for the presence of the Arabic language on the infected machine, thus avoiding execution on non-relevant devices, researchers explained.
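The defensive angle on the cloud-service abuse described above is that Dropbox, Simplenote and Facebook traffic is normal from a browser or the official Dropbox client but not from a random executable in a user profile. The following detection sketch is an added example, not code from Cybereason or from the article; the telemetry format, the sample lines and the host names (Dropbox API v2, the Simplenote web app, Facebook) are assumptions, not indicators from the report.

```python
"""Flag endpoint telemetry where a process that is neither a browser nor the
official Dropbox client talks to the cloud services the article names as
C2/exfiltration channels. Log format and sample lines are constructed."""
import re

# Services the article says DropBook/SharpStage abuse. Host names are
# assumptions for this example, not indicators taken from the report.
WATCHED_HOSTS = {
    "api.dropboxapi.com": "dropbox",
    "content.dropboxapi.com": "dropbox",
    "app.simplenote.com": "simplenote",
    "www.facebook.com": "facebook",
    "graph.facebook.com": "facebook",
}
# Processes expected to reach those hosts on a workstation (assumption).
EXPECTED_PROCESSES = {"chrome.exe", "firefox.exe", "msedge.exe", "dropbox.exe"}

# Constructed line format: ts host=<name> pid=<n> image="<path>" dest=<host>
LINE_RE = re.compile(
    r'^(?P<ts>\S+) host=(?P<host>\S+) pid=(?P<pid>\d+) '
    r'image="(?P<image>[^"]+)" dest=(?P<dest>\S+)$'
)

def parse_line(line):
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def flag_cloud_c2(lines):
    """Return (image, dest, service) for each connection to a watched host
    made by a process outside EXPECTED_PROCESSES; unparsable lines are skipped."""
    findings = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        service = WATCHED_HOSTS.get(ev["dest"].lower())
        if service is None:
            continue
        image = ev["image"].rsplit("\\", 1)[-1].lower()  # basename of the path
        if image in EXPECTED_PROCESSES:
            continue
        findings.append((image, ev["dest"], service))
    return findings

SAMPLE_LOG = [  # constructed telemetry, not real data
    '2020-12-09T10:01:00Z host=ws01 pid=4120 image="C:\\Program Files\\Google\\Chrome\\chrome.exe" dest=api.dropboxapi.com',
    '2020-12-09T10:02:13Z host=ws01 pid=5560 image="C:\\Users\\u\\AppData\\Roaming\\svchost.exe" dest=content.dropboxapi.com',
    '2020-12-09T10:02:40Z host=ws01 pid=5560 image="C:\\Users\\u\\AppData\\Roaming\\svchost.exe" dest=app.simplenote.com',
    '2020-12-09T10:03:05Z host=ws01 pid=3300 image="C:\\Program Files (x86)\\Dropbox\\Client\\Dropbox.exe" dest=api.dropboxapi.com',
    '2020-12-09T10:04:00Z host=ws01 pid=5560 image="C:\\Users\\u\\AppData\\Roaming\\svchost.exe" dest=update.example.net',
]

if __name__ == "__main__":
    for finding in flag_cloud_c2(SAMPLE_LOG):
        print(finding)
```

Only the two connections from the user-profile executable are flagged; the browser, the real Dropbox client, and the unrelated destination are ignored.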
