Password-Stealing, Eavesdropping Malware Targets Ukrainian Government

News broke that a cyber espionage campaign is targeting the Ukrainian government with custom-built malware which creates a backdoor into systems for stealing data – including login credentials and audio recordings of surroundings. The remote access Trojan is called Vermin and is delivered alongside two other strains of malware – Sobaken RAT and Quasar RAT – the latter of which is an open source form of malware freely available online.

Liron Barak, CEO and Co-founder at BitDam:

“Most of the end-points inside and outside organization are not fully patched and therefore they are still vulnerable. This attack is an example of the evolution of email-borne attacks – from spam campaigns into highly sophisticated threats with obvious intentions – in this case a creative malware designed to infiltrate organisations’ networks and steal sensitive data.

“The malware, like most malware campaigns these days, is triggered by a click on a malicious Word file sent via email. The file then leverages a known exploit (CVE-2017-0199) to spread the malware on the targeted systems while remaining under the radar, leaving security teams blindsided by subsequent attacks.

“Cybercriminals are stepping up their game and constantly stay on the lookout for new ways to circumvent security measures and wreak havoc. Most of today’s email security solutions don’t stop sophisticated attacks such as Vermin malware. The best practice to stay protected is to use an advanced threat solution, in addition to the standard secure email gateway, that can identify all threats coming through common files before any damage is done.”