Chinese backdoor malware resurfaces after more than a decade


Security researchers have found a sophisticated remote access trojan that has resurfaced more than a decade after it was first released.

The new malware, dubbed "Hacker's Door" by researchers at Cylance, is operated by what is thought to be the Chinese advanced persistent threat (APT) group known as Winnti.

The malware has many similarities to a remote access trojan (RAT) of the same name that first appeared in 2004 and was updated with new features in 2005.

Research published Tuesday says the new malware is largely based on the decade-old malware, but has been adapted and modified to infect newer 64-bit systems.

The new version comprises a backdoor and a rootkit. The rootkit gives the malware access to the operating system's core, letting the attacker gather system information, list processes and run commands. The researchers also found that the malware can grab screenshots and files, covertly download additional tools, and open a telnet port and a remote access port. The tool can also extract the Windows user's credentials from the current session.

The new version appears to support Windows 7 through Windows 8.1, said the researchers. The researchers are checking whether Windows 10 is affected, but could not confirm it at the time of writing.

It's not known what kind of operation the Winnti APT group is using the malware for, but historically the group has focused on using remote access trojans for financial fraud.

The group is known to focus on large pharmaceutical companies and the video game industry, but Cylance senior threat researcher Tom Bonner said that this time Hacker's Door was detected in the aerospace industry.

As in previous cases, the malware was sold by its author and signed with a stolen code-signing certificate, making it easier to infect machines by bypassing protections designed to detect unsigned code. On 64-bit Windows this matters twice over: a kernel-mode rootkit component cannot load at all without a signature the operating system trusts, and a signature from a stolen but still-valid certificate passes that check.
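Because a stolen certificate yields a signature that Windows reports as valid, "is it signed?" is not a useful defender question; "is it signed by someone I expect?" is. The following PowerShell script is an added example written for this page (it is not Cylance's code and carries no indicators from the report): it sweeps a directory for PE files, checks each Authenticode signature with the built-in Get-AuthenticodeSignature cmdlet, and reports anything that is unsigned, has a broken signature, or is validly signed by a thumbprint not on a local allowlist. The target path and the allowlisted thumbprint are placeholders and must be replaced with your own inventory.

```powershell
# Added example, not part of the original article or the Cylance research.
# Triage Authenticode signatures on PE files, treating a *valid* signature
# as insufficient on its own: a stolen certificate also produces "Valid".
# Assumptions: the path to sweep and the allowlisted signer thumbprints are
# hypothetical placeholders; build the real allowlist from known-good files.
param(
    [string]$Path = 'C:\Windows\System32\drivers',   # assumption: directory to sweep
    [string[]]$AllowedThumbprints = @(
        # Hypothetical SHA-1 thumbprint; replace with signers you expect on this host.
        '0000000000000000000000000000000000000000'
    )
)

Get-ChildItem -Path $Path -Include *.exe,*.dll,*.sys -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
        $cert = $sig.SignerCertificate   # $null when the file is unsigned

        # Status is a SignatureStatus enum: Valid, NotSigned, HashMismatch, NotTrusted, ...
        $verdict = switch ($sig.Status) {
            'Valid' {
                if ($AllowedThumbprints -contains $cert.Thumbprint) { 'allowlisted' }
                else { 'VALID-BUT-UNKNOWN-SIGNER' }   # the stolen-certificate case
            }
            'NotSigned' { 'unsigned' }
            default     { "bad-signature:$($sig.Status)" }   # tampered or untrusted chain
        }

        [pscustomobject]@{
            File       = $_.FullName
            Verdict    = $verdict
            Subject    = if ($cert) { $cert.Subject }    else { $null }
            Thumbprint = if ($cert) { $cert.Thumbprint } else { $null }
            NotAfter   = if ($cert) { $cert.NotAfter }   else { $null }
        }
    } |
    Where-Object { $_.Verdict -ne 'allowlisted' } |   # show only what needs a human look
    Sort-Object Verdict |
    Format-Table -AutoSize
```

Save it as a .ps1 and run it from an elevated prompt so driver directories are readable. The rows marked VALID-BUT-UNKNOWN-SIGNER are the interesting ones: a legitimate vendor you simply forgot to allowlist looks identical to a stolen-certificate signer at this stage, so the follow-up is to confirm the Subject and Thumbprint against the vendor's published certificates before deciding.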

"It is highly likely that this tool will continue to be uncovered as part of targeted attacks for some time, as the ease of use and advanced functionality makes 'Hacker's Door' the perfect RAT for any adversary's arsenal," the research said.

Contact me securely

Zack Whittaker can be reached securely on Signal and WhatsApp at 646-755–8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.
