Java malware copies passwords

G Data News


G Data researchers reveal: Java malware copies passwords and also enables remote control via RDP.

A newly discovered malware developed in Java can copy access data, remotely control the victim's computer and execute other commands. The integrated ransomware component is not yet fully functional.

Analysts from G DATA CyberDefense warn of new malware developed in Java. If the malware is active on a system, criminals can read passwords from browsers and the e-mail program. Since the malware also has a remote access function (RAT), an attacker can take control of the infected system remotely. The Remote Desktop Protocol (RDP) is used for this: a modified version of the “rdpwrap” tool (https://github.com/stascorp/rdpwrap) is downloaded in the background, and this modified version allows hidden RDP access.

In addition, the malware currently has only rudimentary ransomware components: so far it does not encrypt any files, it merely renames them. Since malware is often developed continuously, this could change in future versions.

Unexpected: new Java malware

“The current malware is unusual, we haven't seen any new Java malware for a long time,” says Karsten Hahn, Virus Analyst at G DATA. “With the malware that we have analyzed, we can already see attempted infections among our customers.”

With the present path of infection, the malware cannot run without Java, which suggests that the person who wrote it has been experimenting. However, there is already a feature that downloads and installs the Java Runtime Environment right before the Java malware is launched. Anyone who already has a version of the Java Runtime Environment (JRE) installed on the computer is vulnerable to infection as it is.

RDP access has traditionally been a popular means for criminals to gain access to systems in company networks. Companies, on the other hand, use RDP access for maintenance work and sometimes for remote work. Within a company network, RDP traffic should therefore be watched closely so that abnormalities are noticed immediately. Further technical details and graphics can be found in the tech blog article by our analyst Karsten Hahn.
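One way to put the advice above into practice is to check RDP logons against an expected-use policy. The following is an added example, not code from G DATA or from the article: it reads constructed Windows Security events (EventID 4624 with LogonType 10 denotes a RemoteInteractive, i.e. RDP, logon) flattened to one JSON object per line, and flags RDP logons that come from a source outside a hypothetical jump-host allow-list or outside a hypothetical maintenance window. The log lines, the allow-list address and the window are all assumptions for the demonstration.

```python
import json
from datetime import datetime, time

# Constructed sample log lines (not from the article): Windows Security events
# flattened to JSON. event_id 4624 + logon_type 10 is an RDP logon.
SAMPLE_LOG = """\
{"ts": "2024-03-12T09:15:02", "event_id": 4624, "logon_type": 10, "user": "svc-maint", "src_ip": "10.0.5.10", "host": "SRV-FILE01"}
{"ts": "2024-03-12T23:41:17", "event_id": 4624, "logon_type": 10, "user": "j.doe", "src_ip": "10.0.9.77", "host": "WS-0042"}
{"ts": "2024-03-12T10:02:44", "event_id": 4624, "logon_type": 2, "user": "j.doe", "src_ip": "-", "host": "WS-0042"}
{"ts": "2024-03-12T11:30:00", "event_id": 4624, "logon_type": 10, "user": "admin", "src_ip": "10.0.5.10", "host": "WS-0042"}
{"ts": "2024-03-13T02:05:09", "event_id": 4624, "logon_type": 10, "user": "j.doe", "src_ip": "10.0.9.77", "host": "WS-0042"}
"""

# Hypothetical policy (assumption): RDP is expected only from the jump host
# 10.0.5.10 and only during the maintenance window 08:00-18:00.
ALLOWED_RDP_SOURCES = {"10.0.5.10"}
MAINTENANCE_WINDOW = (time(8, 0), time(18, 0))
RDP_LOGON_TYPE = 10


def parse_events(text):
    """Parse one JSON object per line; blank or malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def rdp_logons(events):
    """Keep only successful logons (4624) of the RemoteInteractive type."""
    return [e for e in events
            if e.get("event_id") == 4624 and e.get("logon_type") == RDP_LOGON_TYPE]


def find_anomalies(events):
    """Return (event, reasons) for every RDP logon that breaks the policy."""
    findings = []
    start, end = MAINTENANCE_WINDOW
    for e in rdp_logons(events):
        reasons = []
        if e.get("src_ip") not in ALLOWED_RDP_SOURCES:
            reasons.append("source not in RDP allow-list")
        logon_time = datetime.fromisoformat(e["ts"]).time()
        if not (start <= logon_time <= end):
            reasons.append("outside maintenance window")
        if reasons:
            findings.append((e, reasons))
    return findings


def count_per_host(findings):
    """Number of flagged RDP logons per target host, for triage ordering."""
    counts = {}
    for e, _ in findings:
        counts[e["host"]] = counts.get(e["host"], 0) + 1
    return counts


if __name__ == "__main__":
    hits = find_anomalies(parse_events(SAMPLE_LOG))
    for e, reasons in hits:
        print(f"{e['ts']} {e['user']}@{e['host']} from {e['src_ip']}: {', '.join(reasons)}")
    print("flagged per host:", count_per_host(hits))
```

Only the two logons on WS-0042 from 10.0.9.77 at night are flagged; the jump-host logons during the day pass. In a real deployment the allow-list and window would come from the organisation's change and remote-work policy, and repeated flagged logons to the same workstation, as seen here, are the kind of pattern worth escalating.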

More on this at GData.de
