New malware attacks designed to install a backdoor onto compromised MacOS systems.
Updated Malware – APT32:
In a recent campaign, researchers discovered a new variant of malware attributed to the Vietnamese-backed hacking operation OceanLotus (also known as APT32), designed to install a backdoor onto compromised macOS systems.
OceanLotus begins its infection chain with fraudulent documents and phishing messages disguised as legitimate.
The motivation isn’t fully understood; the aim is thought to be espionage that aids Vietnamese-owned companies.
The backdoor enables the hackers to snoop on and steal confidential information and sensitive business documents.
Importantly, Trend Micro analysts linked this campaign to OceanLotus by comparing the code and behaviour of the malware with samples used in previous campaigns.
The attack begins with phishing emails that attempt to encourage victims to run a Zip file disguised as a Word document.
Moreover, it evades antivirus detection using special characteristics buried deep inside a series of Zip folders.
At this stage an initial payload is already running on the machine; it changes access permissions in order to load a second-stage payload.
That payload in turn prompts the installation of a third-stage payload, which downloads the backdoor onto the system.
By installing the malware in separate stages like this, OceanLotus aims to evade detection.
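As an added defender-side illustration (not code from the article or from Trend Micro), the following scanner walks a Zip archive and any Zip archives nested inside it, flagging entries whose name looks like a document but whose header bytes are a Mach-O executable, or that carry a Unix executable bit. The sample archive it builds is constructed here for the demonstration and is not a real OceanLotus artefact.

```python
import io
import zipfile

# Mach-O header magics in both byte orders, plus the fat/universal magic.
# Note: 0xCAFEBABE is also the Java class-file magic, so treat it as a hint.
MACHO_MAGICS = {b"\xfe\xed\xfa\xce", b"\xfe\xed\xfa\xcf",
                b"\xce\xfa\xed\xfe", b"\xcf\xfa\xed\xfe", b"\xca\xfe\xba\xbe"}
DOC_EXTENSIONS = (".doc", ".docx", ".pdf", ".xls", ".xlsx", ".ppt", ".pptx")
MAX_DEPTH = 5  # stop descending into endlessly nested archives


def scan_zip_bytes(data, path="", depth=0):
    """Walk a zip (and any zips inside it); return a list of (entry_path, reason)."""
    findings = []
    if depth > MAX_DEPTH:
        return [(path, "nesting deeper than %d levels" % MAX_DEPTH)]
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not a zip at all; nothing to walk
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = path + "/" + info.filename if path else info.filename
            lower = info.filename.lower()
            head = zf.open(info).read(4)
            # Nested archive: recurse one level deeper.
            if head.startswith(b"PK") and lower.endswith(".zip"):
                findings.extend(scan_zip_bytes(zf.read(info), name, depth + 1))
                continue
            # Executable content hiding behind a document-like file name.
            if head in MACHO_MAGICS:
                kind = "with document extension" if lower.endswith(DOC_EXTENSIONS) else "inside archive"
                findings.append((name, "Mach-O executable " + kind))
            # Unix mode bits stored in the zip: executable bit on a "document".
            mode = (info.external_attr >> 16) & 0o777
            if mode & 0o111 and lower.endswith(DOC_EXTENSIONS):
                findings.append((name, "document-named entry carries executable bit"))
    return findings


def build_sample():
    """Constructed sample: a zip holding a zip holding a fake Mach-O named like a .doc."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        info = zipfile.ZipInfo("Invoice.doc")
        info.external_attr = 0o755 << 16  # executable bit, as a bundle binary would carry
        z.writestr(info, b"\xcf\xfa\xed\xfe" + b"\x00" * 28)  # 64-bit Mach-O magic only
        z.writestr("README.txt", b"harmless text")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("attachment.zip", inner.getvalue())
    return outer.getvalue()
```

Running `scan_zip_bytes(build_sample())` reports the nested `Invoice.doc` twice: once for the Mach-O header and once for the executable bit, while `README.txt` produces no finding.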
Like older versions, the malware aims to:
- collect system information
- create a backdoor allowing the hackers to snoop on and download files
- upload additional malicious software to the system
Above all, it’s thought that the malware is still being actively developed.
“Threat groups such as OceanLotus are actively updating malware variants in attempts to evade detection and improve persistence,” wrote researchers.
To avoid falling victim to this and other malware campaigns:
- Be cautious when clicking links or downloading attachments in emails from unknown sources
- Apply security patches and updates to software and operating systems
- Educate employees on email security