Malware Monday
For all those starting work on Monday and starting to trawl through emails and/or planning the week ahead, here’s something to brighten your day. There is a new malware delivered via phishing emails, but the attackers committed a few errors when crafting their cyber attack.
As this article on PhishMe reports, the malware is called Dynasty Keylogger, or Predator Dynasty. Dynasty Keylogger is a keystroke logging malware, but it also can send back passwords from applications such as web browsers. The malware also takes screenshots and sends them back to the command and control server. Dynasty Keylogger is written in .NET and uses port 587 to communicate with its command server.
The malware is spread via a phishing email. The email looks like it is from HSBC bank; the attachment to the email contains the Dynasty Keylogger malware. When the attachment is opened, the malware sends back an email to the attackers letting them know the malware has been installed.
However, the malware has some interesting features. The email that is sent back to the attacker has a hard-coded login name (including the server name) and a hard coded password. The researchers at PhishMe were able to easily extract the attacker’s login credentials.
The researchers were able to watch the attackers; in particular, they were able to use a WireShark capture to monitor the attackers taking a screenshot of the victim machine. Amusingly, the screenshot the attackers took was a screenshot showing the researcher monitoring the attacker’s activities on the victim machine. (The malware was installed on a virtual machine.) The PhishMe article includes a screenshot of what the attackers would have seen.
This malware lacks the sophistication of, for instance, the Sandworm malware. However, it should still be treated as serious; again it is spread via a phishing campaign. In this case, the email impersonates a HSBC email. Whilst phishing is a low tech form of attack, it is frequently effective.
Scott Reeves
MailShark
Free anti-spam service
Free email filter service
Related MailShark Articles
ANZ customers targeted with phishing emails Posted in Recent Security News
Malware slips by threat detection software Posted in Recent Security News
New version of NotCompatible malware danger Posted in Recent Security News
JB Hi-Fi Competition Gift Card Scam Posted in Recent Security News
Westpac Password Reset Phishing Scam Posted in Recent Security News
CommBank New Message Notification Phishing Posted in Recent Security News
Week in Review 9 October 2015 Posted in Blog
ANZ New Message Notification Phishing Email Posted in Recent Security News
Your Westpac E-Statement Phishing Scam Posted in Recent Security News
ANZ Bank New Email Phishing Scam Posted in Recent Security News
