Since April 2023, more than 10,000 multi-malware attacks involving backdoors, keyloggers and miners have hit over 200 companies. In April 2023, the FBI reported on a multi-malware campaign in which cybercriminals attacked companies with miners, keyloggers and backdoors. Kaspersky experts analyzed the campaign further and found that it is still active.
The attacks identified by Kaspersky occurred between May and October of this year and primarily targeted government agencies, farms, and wholesale and retail companies. According to Kaspersky telemetry, the more than 10,000 attacks affected over 200 users, most of them in Russia, Saudi Arabia, Vietnam, Brazil and Romania. Systems in the United States, Morocco and Greece were occasionally targeted as well.
Infernal trio of backdoor, keylogger and miner
Kaspersky also uncovered new malicious scripts that infiltrate systems by exploiting server and workstation vulnerabilities. Once access is gained, the script attempts to manipulate Windows Defender in order to obtain administrative rights and to disrupt the operation of various antivirus products.
The script then tries to download a backdoor, a keylogger and a miner from a site that is now offline. The miner consumes the system's resources to mine cryptocurrencies such as Monero (XMR). Meanwhile, the keylogger records the user's every keystroke and mouse action. At the same time, the backdoor establishes a connection to a C2 (command-and-control) server to receive and transmit data, which ultimately gives the attacker remote control of the compromised system.
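The infection chain above starts with tampering with Windows Defender before the three payloads are fetched, so that tampering is the earliest signal a defender can look for. The following Python script is an added example, not Kaspersky's code and not derived from the campaign's actual scripts; it runs a simple detection rule over constructed lines in the shape of the Microsoft-Windows-Windows Defender/Operational log. The event IDs (5001, 5007, 5010, 5012, 1116) are real Defender event IDs; the log lines, the host names, the five-minute window and the registry-path substrings used to classify a 5007 event as suspicious are all assumptions made for the example.

```python
"""Flag Windows Defender tampering clusters in Defender operational log lines.

Added example (not from the Kaspersky report). Input lines are assumed to have
the constructed form "<ISO timestamp> <host> <event id> <message>".
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Real Defender operational event IDs that indicate protection being switched off.
PROTECTION_DISABLED = {
    5001: "real-time protection disabled",
    5010: "malware scanning disabled",
    5012: "virus scanning disabled",
}
# Event 5007 is a generic "configuration changed" event; only changes touching
# these (assumed) registry locations/flags are treated as tampering indicators.
SUSPICIOUS_CONFIG_SUBSTRINGS = (
    "\\exclusions\\",
    "disableantispyware",
    "disablerealtimemonitoring",
)

# Constructed sample log lines for the example (not real telemetry).
SAMPLE_LOG = [
    r"2023-09-14T09:15:40 ws-02 5007 Windows Defender Configuration has changed. New value: HKLM\SOFTWARE\Microsoft\Windows Defender\Signature Updates\AVSignatureVersion",
    r"2023-09-14T13:40:00 ws-02 1116 Windows Defender has detected malware or other potentially unwanted software.",
    r"2023-09-14T10:02:11 ws-07 5007 Windows Defender Configuration has changed. New value: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\ProgramData\svc = 0x0",
    r"2023-09-14T10:02:13 ws-07 5001 Windows Defender Real-time Protection is disabled.",
    r"2023-09-14T10:02:14 ws-07 5010 Windows Defender scanning for malware is disabled.",
    r"2023-09-13T22:10:05 ws-11 5001 Windows Defender Real-time Protection is disabled.",
    r"2023-09-14T08:00:00 ws-11 5007 Windows Defender Configuration has changed. New value: HKLM\SOFTWARE\Microsoft\Windows Defender\Signature Updates\AVSignatureVersion",
]


@dataclass
class Event:
    ts: datetime
    host: str
    event_id: int
    message: str


def parse_line(line: str) -> Event:
    """Split one constructed log line into its four fields."""
    ts, host, event_id, message = line.split(maxsplit=3)
    return Event(datetime.fromisoformat(ts), host, int(event_id), message)


def tamper_reason(event: Event) -> Optional[str]:
    """Return a short reason if the event looks like Defender tampering, else None."""
    if event.event_id in PROTECTION_DISABLED:
        return PROTECTION_DISABLED[event.event_id]
    if event.event_id == 5007:
        lowered = event.message.lower()
        for needle in SUSPICIOUS_CONFIG_SUBSTRINGS:
            if needle in lowered:
                return "configuration change touching " + needle.strip("\\")
    return None


def find_tampering(lines: List[str], window: timedelta = timedelta(minutes=5),
                   min_events: int = 2) -> List[dict]:
    """Group tampering indicators per host; alert when >= min_events fall within window.

    Requiring several indicators in a short window separates the scripted
    "disable everything, then add exclusions" pattern from a lone maintenance change.
    """
    events = [parse_line(line) for line in lines if line.strip()]
    events.sort(key=lambda e: (e.host, e.ts))
    alerts: List[dict] = []
    cluster: List[Event] = []
    for event in events + [None]:  # None is a sentinel that flushes the last cluster
        if event is not None and tamper_reason(event) is None:
            continue  # not a tampering indicator; ignore
        new_cluster = (event is None or not cluster or event.host != cluster[0].host
                       or event.ts - cluster[0].ts > window)
        if new_cluster:
            if len(cluster) >= min_events:
                alerts.append({
                    "host": cluster[0].host,
                    "start": cluster[0].ts.isoformat(),
                    "end": cluster[-1].ts.isoformat(),
                    "event_ids": [e.event_id for e in cluster],
                    "reasons": [tamper_reason(e) for e in cluster],
                })
            cluster = [] if event is None else [event]
        else:
            cluster.append(event)
    return alerts


if __name__ == "__main__":
    for alert in find_tampering(SAMPLE_LOG):
        print(f"[ALERT] {alert['host']} {alert['start']}..{alert['end']} "
              f"events={alert['event_ids']} reasons={alert['reasons']}")
```

On the constructed input only ws-07 is flagged: an exclusion path is added and real-time protection and malware scanning are disabled within three seconds. The signature-update configuration change on ws-02 and the isolated 5001 on ws-11 are left alone, which is the point of clustering: a single event is worth a look, but the burst is what matches a script working through Defender's settings.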
Attackers only seek financial gain
“This multi-malware campaign is rapidly evolving by introducing new modifications. The attacker’s motivation appears to be solely financial gain using all available means,” explains Vasily Kolesnikov, security expert at Kaspersky. “Research by our cybersecurity experts suggests that these are not limited to cryptocurrency mining. Instead, they could also include selling stolen login credentials on the dark web or executing advanced scenarios using backdoor capabilities. Our products such as Kaspersky Endpoint Security can detect infection attempts, including those of new modifications, thanks to their comprehensive protection functions.”
More at Kaspersky.de
About Kaspersky
Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250,000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/