- Joined
- Jun 13, 2020
- Messages
- 8,060
- Reaction score
- 1,031
- Points
- 212
- Awards
- 2
Criminals use SlothfulMedia malware to steal information, keylogging and modify files.
The US Department of Defense and the US Department of Homeland Security spoke about malware that is being used by an unnamed group to carry out cyber attacks. CyberScoop sources said the criminals are attacking organizations in India, Kazakhstan, Kyrgyzstan, Malaysia, Russia and Ukraine.
The malware, dubbed SlothfulMedia by the military cyber command, is an information theft tool capable of keylogging and modifying files. Agencies have uploaded a sample of malware to a repository on VirusTotal.
The malware is being used in successful ongoing campaigns, but agencies have not disclosed which group is responsible for running them. The report also does not mention the specific goals of the criminals.
Cyber Command first began exposing government-backed hacking campaigns in 2018. Earlier, the agency reported on hacker operations by foreign governments, including operations from North Korea , Russia , Iran and China . Chinese government-affiliated hackers previously attacked Malaysian and Indian organizations, while Russian hackers carried out cyber-espionage operations against targets in Ukraine, Kazakhstan and Kyrgyzstan.
According to the departments, the malware downloads two files on the victim's device. One of them is a remote access Trojan that is capable of taking screenshots, modifying files on systems, killing processes, and running arbitrary commands. The Trojan, designated mediaplayer.exe, also appears to communicate with the attackers' C&C server using HTTP-over-TCP.
The second file has a random 5-digit name and removes the bootloader as soon as the RAT gets persistence on the system. Persistence is achieved by creating a service named Task Frame, which ensures that the RAT is loaded after a system reboot.
The US Department of Defense and the US Department of Homeland Security spoke about malware that is being used by an unnamed group to carry out cyber attacks. CyberScoop sources said the criminals are attacking organizations in India, Kazakhstan, Kyrgyzstan, Malaysia, Russia and Ukraine.
The malware, dubbed SlothfulMedia by the military cyber command, is an information theft tool capable of keylogging and modifying files. Agencies have uploaded a sample of malware to a repository on VirusTotal.
The malware is being used in successful ongoing campaigns, but agencies have not disclosed which group is responsible for running them. The report also does not mention the specific goals of the criminals.
Cyber Command first began exposing government-backed hacking campaigns in 2018. Earlier, the agency reported on hacker operations by foreign governments, including operations from North Korea , Russia , Iran and China . Chinese government-affiliated hackers previously attacked Malaysian and Indian organizations, while Russian hackers carried out cyber-espionage operations against targets in Ukraine, Kazakhstan and Kyrgyzstan.
According to the departments, the malware downloads two files on the victim's device. One of them is a remote access Trojan that is capable of taking screenshots, modifying files on systems, killing processes, and running arbitrary commands. The Trojan, designated mediaplayer.exe, also appears to communicate with the attackers' C&C server using HTTP-over-TCP.
The second file has a random 5-digit name and removes the bootloader as soon as the RAT gets persistence on the system. Persistence is achieved by creating a service named Task Frame, which ensures that the RAT is loaded after a system reboot.