A new malware distribution campaign targeted at users in Asian countries is the latest reminder of why attacks don't always have to be sophisticated to be effective.
The campaign involves the use of watering-hole websites to drop malware on systems belonging to members of a certain Asian religious and ethnic group. The watering holes have been established on more than 10 websites belonging to individuals, voluntary programs, charities, and other organizations related to the targeted religious group. All that users need to do to for malware to be downloaded on their systems is to simply visit the compromised websites.
Researchers from Kaspersky first spotted the campaign last December and have named it "Holy Water." In an advisory this week, the security vendor described the campaign as ongoing and involving the use of an unsophisticated but creative toolset that includes open source code, GitHub distribution, and the use of Go language and Google Drive-based command and communication channels.
According to Kaspersky, when a visitor lands on one of the watering holes, an already compromised component on it loads a malicious JavaScript that harvest information about the visitor's system and sends it off to an external attacker-controlled server. The external server vets the system information to determine whether the user is of potential interest.
If the user is identified as being of interest, another JavaScript loads a plugin that in turn triggers a pop-up urging the user to update their Adobe Flash software. Users who click on the pop-up end up having a backdoor called "Godlike12" installed on their systems. The malware allows the threat actor to take complete remote control of the infected device to ..
Support the originator by clicking the read the rest link below.
