Friend
Professional
The malware steals confidential data and launches DDoS attacks.
In late July, Kaspersky Lab specialists discovered a new type of malware that was distributed through the website of a Russian energy company. The malware is called CMoon. The attackers replaced links to regulatory documents in several sections of the site with those that led to downloading malicious executable files. This virus can steal confidential data, launch DDoS attacks, and spread to other devices.
The company's analysts found out that about two dozen links were substituted on the site, each of which led to a self-extracting archive. Inside the archive was a source document and an executable file — the new CMoon malware, so named for the lines in the file's code.
The attack was carefully prepared and targeted at specific users of the organization's website. The CMoon worm could search the user's Desktop, Documents, Pictures, Downloads, and external-media folders and send files to the attackers' server if their text contained keywords such as "secret", "utility", "password", and others. This indicates a targeted attack. Files with information about system security, user actions, and user credentials could also be uploaded. The malware could also take screenshots.
From web browsers, the virus could collect files with saved passwords, cookies, bookmarks, browsing history, and data for auto-filling out forms, including credit card information. CMoon was also able to monitor connected USB drives, which made it possible to steal potentially interesting files and infect other computers to which these drives could be connected.
After detecting the infection, Kaspersky Lab immediately notified the owners of the resource, and the malicious files were deleted. Experts stressed that the attack was aimed at contractors and partners of the organization.
According to Kaspersky Lab's experts, a small number of users were exposed to the threat. However, it is important that organizations incorporate new attack techniques into their security policies to minimize risks.
Source
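The link substitution described above is something a site owner can check for routinely. The following is an added example, not code from the article or from Kaspersky Lab: it audits a page's document links against a known-good baseline and flags links that now resolve to executables or archives; the sample HTML, the baseline and the `example.invalid` hostname are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Extensions a regulatory-document link should serve, and ones it never should.
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".rtf", ".odt"}
EXECUTABLE_EXTS = {".exe", ".scr", ".msi", ".bat", ".cmd"}  # self-extracting archives are .exe
ARCHIVE_EXTS = {".zip", ".rar", ".7z"}

class LinkCollector(HTMLParser):  # collects (href, link text) pairs from a page
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _ext(href):
    m = re.search(r"(\.[a-z0-9]+)$", urlparse(href).path.lower())
    return m.group(1) if m else ""

def audit_links(html, baseline):
    # Return (link text, href, reason) for links that drifted from the baseline
    # (link text -> expected href) or that point at executables/archives.
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        ext, expected = _ext(href), baseline.get(text)
        if ext in EXECUTABLE_EXTS:
            findings.append((text, href, "executable behind document link"))
        elif ext in ARCHIVE_EXTS and expected and _ext(expected) in DOCUMENT_EXTS:
            findings.append((text, href, "document link now serves an archive"))
        elif expected is not None and href != expected:
            findings.append((text, href, "href differs from baseline"))
    return findings

# Constructed sample: one intact link, one swapped for an archive, one for an .exe
# on an off-site host (example.invalid is a placeholder).
SAMPLE_HTML = """<a href="/docs/regulation-12.pdf">Regulation 12</a>
<a href="/docs/regulation-13.zip">Regulation 13</a>
<a href="http://cdn.example.invalid/regulation-14.exe">Regulation 14</a>"""
BASELINE = {f"Regulation {n}": f"/docs/regulation-{n}.pdf" for n in (12, 13, 14)}
```

Running `audit_links(SAMPLE_HTML, BASELINE)` reports the swapped archive and the off-site executable and stays silent on the intact link; in practice the baseline would be captured from a known-clean crawl of the site.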