
Researchers identify ‘malware’ spying via Discord that uses ‘emojis’ to communicate with infected devices

A group of researchers has discovered a new cyberespionage campaign attributed to the Pakistan-based threat actor UTA0137, which uses ‘malware’ aimed at Linux operating systems that communicates with infected devices and executes commands through the use of ‘emojis’ on Discord.


The new ‘malware’, referred to as DISGOMOJI, operates through Discord to steal information and files from victims, with the aim of spying specifically on government entities in India.

This was announced by the cybersecurity company Volexity, which identified the use of this new ‘malware’ this year and has shared an analysis of the cyberespionage campaign, attributed to the threat actor tracked under the alias UTA0137 and based in Pakistan.

Specifically, the attackers use DISGOMOJI by infecting devices and controlling them through Discord; once deployed, the malware is capable of executing commands, taking screenshots, stealing files, deploying additional payloads and searching for files.

As the cybersecurity experts have explained, all of this is achieved by using ‘emojis’ as the control method, thanks to a modified version of the public project discord-c2, which uses the platform’s messaging service for command and control (C2). This approach can evade security software that looks for malicious commands in text form rather than in emojis.

For example, as detailed on their website, the ‘emoji’ of a running man instructs the malware to execute a command on the victim’s device. Likewise, a camera with a flash takes a screenshot and uploads it to the command channel, while a hand pointing downwards orders files to be collected from the victim’s device and uploaded to the command channel as attachments.

In addition to those mentioned above, a total of 9 different ‘emojis’ are used, including the fire, the fox, the skull, and hands pointing left, right and up.
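The emoji-as-command scheme described above is the kind of tasking a defender can look for in Discord channel logs. The following is an added example, not code from the article or from Volexity, of a simple triage check over constructed sample messages: it maps the three emojis whose roles the article spells out to their commands, flags the other six as control emojis of unspecified role, and strips variation selectors and skin-tone modifiers so a modified hand emoji still matches. The message tuples and account names are constructed for illustration.

```python
import re
from typing import Optional

# Control emojis the article lists for DISGOMOJI. Only three roles are
# detailed in the article; the rest are flagged without a specific role.
UNSPECIFIED = "control emoji (role not detailed)"
CONTROL_EMOJI = {
    "\U0001F3C3": "execute command",    # running man
    "\U0001F4F8": "screenshot",         # camera with flash
    "\U0001F447": "exfiltrate files",   # hand pointing down
    "\U0001F525": UNSPECIFIED,          # fire
    "\U0001F98A": UNSPECIFIED,          # fox
    "\U0001F480": UNSPECIFIED,          # skull
    "\U0001F448": UNSPECIFIED,          # hand pointing left
    "\U0001F449": UNSPECIFIED,          # hand pointing right
    "\U0001F446": UNSPECIFIED,          # hand pointing up
}

# Clients may append a variation selector (U+FE0F) or a skin-tone
# modifier (U+1F3FB..U+1F3FF) to the base code point; drop them so the
# lookup on the base emoji still succeeds.
_MODIFIERS = re.compile("[\uFE0F\U0001F3FB-\U0001F3FF]")

def classify_message(content: str) -> Optional[str]:
    """Return the inferred command when a message starts with a control emoji."""
    text = _MODIFIERS.sub("", content.strip())
    if not text:
        return None
    return CONTROL_EMOJI.get(text[0])  # Python indexes by code point

def scan_messages(messages):
    """Flag emoji-tasking messages. `messages` holds (author, channel, content)
    tuples; returns dicts an analyst can pivot on by author and channel."""
    hits = []
    for author, channel, content in messages:
        cmd = classify_message(content)
        if cmd:
            hits.append({"author": author, "channel": channel,
                         "command": cmd, "content": content})
    return hits

# Constructed sample messages (hypothetical, not captured traffic).
SAMPLE = [
    ("ops-bot", "victim-1", "\U0001F3C3 cat /etc/hostname"),
    ("alice", "general", "great job team \U0001F525"),   # emoji not leading
    ("ops-bot", "victim-1", "\U0001F447\U0001F3FD /home/user/docs"),
    ("bob", "general", "lunch?"),
    ("ops-bot", "victim-1", "\U0001F4F8\uFE0F"),
]

if __name__ == "__main__":
    for hit in scan_messages(SAMPLE):
        print(hit)
```

The leading-emoji rule keeps ordinary chat such as a trailing fire emoji out of the results; in practice an analyst would further restrict the check to bot or webhook accounts posting into many single-purpose channels.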

DOWNLOADING AN EXECUTABLE FILE THROUGH ‘PHISHING’

In Volexity’s case, the malware was first discovered after a standard ELF executable file was downloaded from a phishing source. This file also downloaded a benign file as a “decoy”, named after the Indian Defence Service Officers’ Provident Fund (DSOP).

After that, the ‘malware’ downloaded its payload, named ‘vmcoreinfo’, from a remote server. This payload is the DISGOMOJI malware itself, and it was placed in a hidden folder called .x86_64-linux-gnuen on the device.

On top of all this, the attackers also embed an encrypted authentication token and server ID within the ELF file, which the malware uses to access the Discord server and create a dedicated channel. Once the channel is created, the attackers can control each victim through its own channel on the platform.

Furthermore, according to Volexity, the attackers identified that Indian government authorities typically use a custom Linux distribution called BOSS, so they focused their attacks on this type of system to reach their intended victims more effectively.

“Volexity assesses with high confidence that UTA0137 has objectives related to espionage and a mandate to target government entities in India,” the cyber experts have detailed, while noting that, according to their analysis, “UTA0137’s campaigns appear to have had success”. That is, as they have highlighted, UTA0137 has managed to infect several victims, although the cybersecurity company’s analysis does not detail how many.

With all this, the cybersecurity experts have highlighted that, once the attackers gain access to infected devices, they can move on to other users, steal data and information, and even harvest additional credentials for other services, with the aim of continuing their espionage.

Source: Elcomercio
