IT Security Guru

LuckyMouse Group is back and using a legitimate certificate to sign Malware

by The Gurus
September 10, 2018
in Editor's News

The Kaspersky Lab Global Research and Analysis Team (GReAT) has discovered several infections from a previously unknown Trojan, which is most likely related to the infamous Chinese-speaking threat actor – LuckyMouse. The most peculiar trait of this malware is its hand-picked driver, signed with a legitimate digital certificate, which has been issued by a company developing information security-related software.

The LuckyMouse group is known for highly targeted cyberattacks on large entities around the world. The group’s activity poses a danger to whole regions, including South-Eastern and Central Asia, as their attacks appear to have a political agenda. Judging by the victim profiles and the group’s previous attack vectors, Kaspersky Lab researchers think that the Trojan they detected may have been used for nation-state backed cyber-espionage.

The Trojan discovered by Kaspersky Lab experts infected a target computer via a driver built by the threat actors. This gave the attackers the usual set of capabilities: command execution, downloading and uploading files, and interception of network traffic.

The driver turned out to be the most interesting part of this campaign. To make it trustworthy, the group apparently stole a digital certificate belonging to an information security-related software developer and used it to sign malware samples. This was done in an attempt to avoid detection by security solutions, as a legitimate signature makes the malware look like legitimate software.

Another noteworthy feature of the driver is that, despite LuckyMouse’s ability to create its own malicious software, the software used in the attack appeared to be a combination of publicly available code from public repositories and custom malware. Such reuse of ready-made third-party code, instead of writing original code, saves the developers time and makes attribution more difficult.

“Almost every time that a new LuckyMouse campaign appears, it’s the same time as the leadup to a high-profile political event. What’s more, the timing of an attack usually precedes world leader summits. For the actor, attribution is not a worry. This is because they are now implementing third-party code samples into their programs. The process of adding another layer to their droppers, or to develop a modification for the malware and still remain untraced is not a time-consuming one,” says David Emm, Principal Security Researcher at Kaspersky Lab.

Kaspersky Lab has previously reported on the LuckyMouse actor attacking a national data center to organise a country-level waterholing campaign.

How to protect yourself:

  • Do not automatically trust the code running on your systems. Digital certificates do not guarantee the absence of backdoors.
  • Use a robust security solution, equipped with malicious-behavior detection technologies that enable even previously unknown threats to be caught.
  • Subscribe your organisation’s security team to a high-quality threat intelligence reporting service in order to get early access to information on the most recent developments in the tactics, techniques and procedures of sophisticated threat actors.
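As an added example (not code from the article or from Kaspersky Lab), the following PowerShell script applies the first bullet on a Windows host: it inventories running kernel drivers, checks each Authenticode signature, and flags any driver whose signer is not on a locally maintained allowlist, because a "Valid" signature from a stolen certificate passes the cryptographic check just as the article describes. The `$TrustedSubjects` entries are placeholder assumptions to be replaced with your own approved publishers.

```powershell
# Added example, not from the article: inventory running kernel drivers, check their
# Authenticode signature, and flag drivers that are unsigned, invalid, or signed by a
# publisher not on a locally maintained allowlist. A "Valid" status only proves the file
# was not altered after signing; the allowlist is what surfaces a legitimate-but-stolen
# certificate, which is the case the article describes.

# Assumption: this allowlist is maintained by your own team; the entries are placeholders.
$TrustedSubjects = @(
    'CN=Microsoft Windows',
    'CN=Microsoft Windows Hardware Compatibility Publisher'
)

function Resolve-DriverPath {
    param([string]$PathName)
    # Win32_SystemDriver reports NT-style or relative paths; normalise them to Win32 paths.
    $p = $PathName -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot
    $p = $p -replace '^system32\\', "$env:SystemRoot\system32\"
    return $p
}

function Get-DriverSignatureReport {
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' -and $_.PathName } |
        ForEach-Object {
            $path = Resolve-DriverPath $_.PathName
            if (-not (Test-Path -LiteralPath $path)) { return }
            $sig = Get-AuthenticodeSignature -LiteralPath $path
            $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            $onAllowlist = $false
            foreach ($t in $TrustedSubjects) { if ($subject -like "*$t*") { $onAllowlist = $true } }
            [pscustomobject]@{
                Driver      = $_.Name
                Path        = $path
                Status      = $sig.Status          # Valid, NotSigned, HashMismatch, ...
                Signer      = $subject
                Thumbprint  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { '' }
                NeedsReview = ($sig.Status -ne 'Valid') -or (-not $onAllowlist)
            }
        }
}

# Show only the drivers worth a closer look; the full report can be exported to a SIEM.
Get-DriverSignatureReport | Where-Object { $_.NeedsReview } | Format-Table -AutoSize
```

Run it from an elevated PowerShell session so that every driver file is readable; a flagged driver is a lead to investigate, not proof of compromise.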

Read the full version on Securelist.com.

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic