A recent survey by Kaspersky has uncovered an ongoing multi-malware campaign. According to the company's experts, more than 10,000 attacks linked to it have been recorded worldwide.
Why is this campaign described as “multi-malware”? In this context, the cybercriminals deploy a backdoor, a keylogger and a miner in a single attack, delivered by a preliminary component that disables the victims’ security software.
The first signs of an operation of this type were identified last April by the FBI. Kaspersky’s most recent research, however, has exposed the entire campaign, revealing a situation far more worrying than expected.
The cases examined by the antivirus company cover the period between May and October of this year. Over that period, the multi-malware has predominantly targeted government agencies, farms, and wholesale and retail companies.
The victims, it seems, come from countries scattered all over the world. Most cases have been reported in Russia, Saudi Arabia, Vietnam, Brazil and Romania, although there are reports in the United States, Morocco and Greece.
Multi-malware: a single campaign operates through backdoors, keyloggers and miners
The attack starts with malicious scripts that infiltrate victims’ systems through vulnerabilities in servers and workstations. Once access is gained, the script attempts to manipulate Windows Defender in order to obtain administrative rights and to stop various antivirus programs from working.
Once this is done, a backdoor, a keylogger and a miner are downloaded. With the miner, the cybercriminals exploit the victim’s hardware to mine cryptocurrencies such as Monero (XMR).
At the same time, the keylogger records the keystrokes typed by the user, attempting to steal passwords and other information of value to the victim. Finally, the backdoor keeps running and establishes a connection to a command and control server, through which the attackers can remotely manage the compromised system.
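The chain described above (protection disabled first, payloads dropped and beaconing afterwards) is what a detection rule should key on. The following is an added example, not code from the article or from Kaspersky: a small Python correlator that reads JSON-lines host telemetry, looks for Windows Defender Operational events that signal protection being switched off (event IDs 5001, 5010 and 5012, plus 5007 when the configuration change touches a kill switch such as DisableAntiSpyware, as listed in Microsoft's documentation for that log), and then flags any binary started from an untrusted directory shortly afterwards, raising severity if that binary makes an outbound connection. The log format, host names, paths and timestamps are constructed for the example.

```python
import json
from datetime import datetime, timedelta, timezone

# Defender Operational log event IDs that mean protection was turned off
# (Microsoft-Windows-Windows Defender/Operational, per Microsoft's event reference).
TAMPER_EVENT_IDS = {
    5001: "real-time protection disabled",
    5010: "anti-malware scanning disabled",
    5012: "anti-virus scanning disabled",
}
# Event 5007 (configuration changed) only matters when it flips a kill switch.
TAMPER_CONFIG_KEYS = ("DisableAntiSpyware", "DisableRealtimeMonitoring", "DisableBehaviorMonitoring")
# Binaries launched from outside these directories right after tampering are suspicious.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
WINDOW = timedelta(minutes=15)

# Constructed sample telemetry (not from the article): JSON lines from two hosts.
SAMPLE_LOG = r"""
{"ts":"2023-10-02T09:14:02Z","host":"ws-17","source":"Defender","event_id":5007,"detail":"HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\DisableAntiSpyware = 0x1"}
{"ts":"2023-10-02T09:14:03Z","host":"ws-17","source":"Defender","event_id":5001,"detail":"Real-time protection is disabled"}
{"ts":"2023-10-02T09:14:40Z","host":"ws-17","source":"Process","event_id":1,"image":"C:\\Users\\Public\\svchost.exe","parent":"C:\\Windows\\System32\\cmd.exe"}
{"ts":"2023-10-02T09:15:05Z","host":"ws-17","source":"Network","event_id":3,"image":"C:\\Users\\Public\\svchost.exe","dest_port":443}
{"ts":"2023-10-02T11:00:00Z","host":"ws-22","source":"Defender","event_id":5007,"detail":"Scan schedule changed"}
{"ts":"2023-10-02T11:30:00Z","host":"ws-22","source":"Process","event_id":1,"image":"C:\\Program Files\\Git\\bin\\git.exe","parent":"C:\\Windows\\explorer.exe"}
"""


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def is_tamper(ev):
    """True for Defender events that indicate protection being disabled."""
    if ev["source"] != "Defender":
        return False
    if ev["event_id"] in TAMPER_EVENT_IDS:
        return True
    return ev["event_id"] == 5007 and any(k in ev.get("detail", "") for k in TAMPER_CONFIG_KEYS)


def is_untrusted_image(path):
    return not path.lower().startswith(TRUSTED_DIRS)


def analyze(log_text):
    """Correlate Defender tampering with follow-on process starts and beacons per host."""
    events = [json.loads(line) for line in log_text.splitlines() if line.strip()]
    events.sort(key=lambda e: e["ts"])
    by_host = {}
    for ev in events:
        by_host.setdefault(ev["host"], []).append(ev)

    alerts = []
    for host, evs in by_host.items():
        tamper = [e for e in evs if is_tamper(e)]
        if not tamper:
            continue
        first = parse_ts(tamper[0]["ts"])
        # Untrusted binaries started within WINDOW after protection was disabled.
        procs = [e for e in evs if e["source"] == "Process"
                 and first <= parse_ts(e["ts"]) <= first + WINDOW
                 and is_untrusted_image(e["image"])]
        for p in procs:
            # Any outbound connection from that same binary afterwards (possible C2 or pool).
            beacons = [e for e in evs if e["source"] == "Network"
                       and e["image"] == p["image"]
                       and parse_ts(e["ts"]) >= parse_ts(p["ts"])]
            alerts.append({
                "host": host,
                "tamper_events": [e["event_id"] for e in tamper],
                "image": p["image"],
                "outbound_connection": bool(beacons),
                "severity": "high" if beacons else "medium",
            })
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(json.dumps(alert))
```

Run as-is it raises a single high-severity alert for ws-17 and nothing for ws-22, whose 5007 event is an ordinary scan-schedule change. The point of the design is that a lone Defender event is noisy, whereas a kill-switch change followed within minutes by a binary from a user-writable directory that then talks outbound is the exact sequence the article describes.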
According to Vasily Kolesnikov, security expert at Kaspersky: “This multi-malware campaign is evolving rapidly, introducing new changes. The attacker’s motivation appears to be solely financial gain, using all available means.”
The same expert then added: “Research from our cybersecurity experts suggests that cybercriminals are not limited to cryptocurrency mining. Instead, they could also include selling stolen login credentials on the Dark Web or running advanced scenarios using backdoor functionality. Our products such as Kaspersky Endpoint Security are able to detect infection attempts, including new modifications, thanks to their comprehensive protection features.”