Lord777
Check Point has discovered the use of a new USB worm known as "LitterDrifter" in targeted attacks. This worm automatically distributes malware through connected USB drives and communicates with the attackers' command and control servers. It is suspected that this is an evolution of a PowerShell-based USB worm previously discovered by Symantec.
"LitterDrifter", written in VBS, is distributed as a hidden file on USB drives along with a masked LNK link with random names. A distinctive feature of the worm is its ability to connect to the management server extracted from a Telegram channel — a method that has been actively used since the beginning of this year.
Signs of possible infection were detected in Ukraine, the United States, Vietnam, Chile, Poland, Germany and Hong Kong. There is an active presence and constant development of attack methods in 2023, including rapid exfiltration of data immediately after compromise. The company noted that "LitterDrifter was specifically designed to support large-scale data collection operations."
"It is clear that LitterDrifter was designed to support large-scale garbage collection operations," the company concluded. "It uses simple but effective methods to ensure that the widest possible range of goals is achieved in the region."
Other reports point to attacks targeting embassies across Europe, including Italy, Greece, Romania and Azerbaijan. These intrusions are related to exploiting a recently discovered vulnerability in WinRAR and phishing emails containing links to specially created ZIP files that activate the vulnerability and run PowerShell scripts from a remote server.