MANILA, Philippines – World’s largest privately held vendor of endpoint protection solutions, Kaspersky Lab warned internet users against malware from Syria that could post threats to cyberspace leading to hacking of important information, including confidential data.
Research showed that Syrian Electronic Army, a group of computer hackers, uses variety of techniques including sophisticated social engineering tricks to attack high-profile organizations, including many media resources.
“A combination of factors – social engineering, rapid app development and remote administration tools for taking over the victim’s entire system – creates a worrying scenario for unsuspecting users,” said Ghareeb Saad, Senior Security Researcher, Global Research & Analysis Team at Kaspersky Lab.
Malware can be spread through social networking sites to gain control of systems and steal credentials.
A Flash 0day (CVE-2014-0515) was found on a number of Syrian sites that had been attacked months earlier, and the DarkComet RAT developer retired the popular tool after reports of it being used extensively in Syria.
“We expect attacks by Syrian malware to continue and evolve both in quality and quantity. Therefore, users should be especially careful of suspicious links, double check their downloads and have a reliable and comprehensive security solution installed,” Saad added.
The malware is disguised in different ways, including fake antivirus scanners, social messaging apps, Trojan-embedded legitimate system utilities, downloads in social networks and free public file-sharing services.
In the samples analyzed, the cybercriminals usually attempted to achieve complete system monitoring with the help of the infamous remote administration tool (RAT) Dark Comet, which not only sends every key stroke almost instantly to a remote server but also leaves the infected system vulnerable to exploit by the attackers.
The use of high-level programming languages means the malware writers can easily modify their creations, making it possible to test new malicious campaigns with minimal effort and to craft targeted attacks in no time. Syrian malware has also been evolving, and shows no sign of abating any time soon.