Government-grade malware used for ransomware attacks
Posted on 18.07.2014
It was only a matter of time until cyber criminals got their hands on a piece of government-made malware and repurposed it for their own criminal needs.
Sentinel Labs researchers have unearthed and analyzed a variant of the malware, which they dubbed Gyges, that they believe was previously used as a "carrier" for state-sponsored attacks aimed at exfiltrating government data.

In the hands of cyber crooks, this carrier is used to deliver ransomware, rootkits and banking trojans.

Gyges is extremely sophisticated. It uses less-known injection techniques, along with highly advanced anti-debugging and anti-reverse-engineering techniques.

"Interestingly, the malicious code used for all of these evasion techniques is significantly more sophisticated than the core executable," the researchers pointed out, adding that this prompted them to dig deeper and eventually discover government traces inside the code.

The malware waits for user inactivity before it starts running. It targets Microsoft Windows 7 and 8, is packed with a heavily modified Yoda Protector, which provides polymorphic encryption and anti-debugging to hide its malicious behaviour, and shares the same crypto engine as the previously mentioned Russian espionage malware.

"The fact that 'carrier' code can be 'bolted on' to any type of malware to carry out invisible attacks is another indication that current approaches to security have reached their end-of-life for detecting advanced threats," the researchers concluded.

"We have entered a new era. In addition to antivirus, even advanced protection measures including network monitoring, breach detection systems and sandboxing have become less effective at preventing and detecting advanced threats like Gyges before they can cause extensive damage."

For additional technical details about the malware's behaviour and capabilities, check out the researchers' report.
Copyright 1998-2014 by Help Net Security.