22nd January 2015, 17:15 #1
Hackers spreading malware, using "Je suis Charlie"
"Miscreants say "Je suis Charlie" too
Ashwin K. Vamshi January 14, 2015
It is very common for malicious actors to attempt to exploit trending news in order to lure users to execute malicious programs.
As a regular practice we keep track of such instances.
In the most recent case I happened to come across an interesting malware,
(md5 hash 3c5266cab10c78f3a49985806c217a40) with the theme "Je suis Charlie",
a slogan that has gone viral after the 7 January 2015 massacre at the Charlie Hebdo offices in Paris.
This malware was found in our stream of incoming material so we don't yet know how it has been distributed.
It is likely, given the subject, that an attempt has been made to spread it using some kind of social engineering trick.
The malware in question is the infamous DarkComet RAT (aka Fynloski),
a freely available remote administration tool which also can double as a powerful backdoor trojan.
DarkComet was originally developed by the French hacker DarkCoderSc,
who stopped further development on the project in 2012.
Nevertheless, its ease of use and rich set of features have kept it popular with all sorts of attackers,
from script kiddies and activists to more sinister players.
The variant used in the present attack is obfuscated to make it less noticed by AV scanners.
The DarkComet Delphi code is enveloped in a .NET wrapper, making the telltale signs of DarkComet hard to spot.
Indeed, the AV detection rate of this executable is, at the time of writing, poor:
only 2/53 scanners had detection on the VirusTotal online scanner service."
Full story: https://www.bluecoat.com/security-bl...is-charlie-too
Last edited by hackerman1; 22nd January 2015 at 17:17.