
  • Dormant Malware Found Attacking Chinese Nationals

    A number of Chinese nationals have found themselves the victims of a three-year malware campaign designed to extract information from the victims and the international corporations who employed them, The Security Ledger reported Nov. 23.

    Security researchers at RSA released a report Nov. 23 on the trojan known as “GlassRAT” (Glass Remote Access Tool), which appears to have been falsely authenticated and designed to “give remote adversaries access to- and control over compromised computers on a target network.” GlassRAT was created in 2012 and discovered in February 2015.

    A trojan horse virus is a type of malware that is disguised as legitimate software. Once a trojan is installed on a computer, it allows the bad actor to remotely control the computer. They can then delete, modify or copy data in addition to disrupting network performance.

    The names of the corporations or the types of industries involved are not disclosed in the report.

    Paul Roberts, a cybersecurity analyst and writer for The Security Ledger, tells The Daily Caller News Foundation that, in addition to the attacker being able to exert some control over the network, he believes the foreign nationals are potential targets for blackmail and extortion. GlassRAT can be used to collect personal information on the Chinese national or their family. At that point, threatening to expose the information or harm family members will give a bad actor an incredible amount of leverage when trying to push the foreign national to hand over their employer's trade secrets.

    Roberts says GlassRAT operates like a sophisticated Swiss army knife, with several layers that together create an effective malware attack.

    A dropper, a container-like program that holds and installs the malware on the targeted computer, carried a valid authenticity certificate presumably stolen from a software publisher, giving the dropper the appearance of legitimacy before being downloaded by the target. The dropper also has a self-destruct mechanism that deletes itself after releasing the malware, and once the malicious code is installed it operates “below the radar,” avoiding typical anti-virus programs.

    The report does not speculate on who the perpetrators are, but does say a technique similar to GlassRAT is used against the Philippine military and the Mongolian government.

    Roberts says it’s incredibly difficult to identify a primary actor who initiates such an attack, but he does have an idea.

    He says the Chinese government has a history of using foreign nationals to spy on their behalf and that given the nationality of the targets, it would not be a surprise if they were involved.

    Follow Steve Ambrose on Twitter

    Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact licensing@dailycallernewsfoundation.org.
