GBHackers News reports that Venezuelan President Nicolas Maduro's recent arrest has been exploited to deliver backdoor malware as part of an advanced social engineering campaign. Attackers leveraged spear-phishing emails carrying a ZIP archive that references the U.S.'s next steps for Venezuela; the archive contains "Maduro to be taken to New York.exe" and the illicit "kuguo.dll", the former being a legitimate binary for the Chinese streaming platform KuGuo, according to Darktrace researchers.

Execution of the malware is followed by self-replication into a "C:\ProgramData\Technology360NB" directory, where the copy, renamed "DataTechnology.exe", is configured to run automatically at startup before a restart prompt is displayed. Restarting the impacted device prompts the backdoor to establish a connection with the attackers' command-and-control server for the subsequent receipt of instructions and configuration updates. While such tactics have long been associated with the Chinese advanced persistent threat operation Mustang Panda, additional evidence is still needed to finalize attribution, researchers said.
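The chain the brief describes (a legitimate host executable loading a DLL dropped beside it, a copy of the payload written under ProgramData, and an autorun entry pointing at that copy) is a pattern a detection engineer can correlate from ordinary endpoint telemetry. The following is an added example, not code from SC Media, GBHackers or Darktrace: a small Python correlation rule run over constructed Sysmon-style events. The event schema, the Downloads path, the signed/unsigned flag and the Run-key persistence mechanism are assumptions; only the lure file name, "kuguo.dll" and the ProgramData path come from the report.

```python
"""Added example, not code from the SC Media brief, GBHackers or Darktrace.

A small correlation rule for the chain the brief describes: a legitimate
executable loading a DLL dropped next to it, a copy of the payload written
under C:\\ProgramData, and an autorun entry pointing at that copy. The event
schema (Sysmon-like dicts), the user profile path and the Run-key
persistence mechanism are assumptions; the telemetry below is constructed.
"""
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed telemetry. Only the lure file name, kuguo.dll and the
# ProgramData path come from the report; everything else is invented.
LURE = r"C:\Users\alice\Downloads\venezuela\Maduro to be taken to New York.exe"
COPY = r"C:\ProgramData\Technology360NB\DataTechnology.exe"
SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 4120, "image": LURE,
     "parent_image": r"C:\Windows\explorer.exe"},
    {"type": "image_load", "pid": 4120, "image": LURE, "signed": True,
     "loaded": r"C:\Windows\System32\kernel32.dll"},
    {"type": "image_load", "pid": 4120, "image": LURE, "signed": False,
     "loaded": r"C:\Users\alice\Downloads\venezuela\kuguo.dll"},
    {"type": "file_create", "pid": 4120, "target": COPY},
    {"type": "registry_set", "pid": 4120,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\DataTechnology",
     "value": COPY},
    # Benign noise: a signed application loading its own signed helper DLL
    # from Program Files, which must not be flagged.
    {"type": "image_load", "pid": 5000, "signed": True,
     "image": r"C:\Program Files\Foo\foo.exe",
     "loaded": r"C:\Program Files\Foo\helper.dll"},
]

# Directory fragments a standard user can write to (lower-cased matching).
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\", "\\appdata\\")
# Registry key fragments that establish autorun at logon/startup.
RUN_KEY_MARKERS = ("\\currentversion\\run", "\\runonce")


def is_user_writable(path: str) -> bool:
    return any(marker in path.lower() for marker in USER_WRITABLE)


def sideload_suspects(events):
    """Unsigned DLL loaded from the directory of an EXE that itself lives in a
    user-writable location: the shape of a sideloaded payload next to a
    legitimate host binary. Returns [(pid, dll_path), ...]."""
    hits = []
    for e in events:
        if e["type"] != "image_load" or e.get("signed", False):
            continue
        exe_dir = PureWindowsPath(e["image"]).parent
        dll_dir = PureWindowsPath(e["loaded"]).parent
        # PureWindowsPath compares case-insensitively, as Windows does.
        if exe_dir == dll_dir and is_user_writable(str(exe_dir)):
            hits.append((e["pid"], e["loaded"]))
    return hits


def correlate(events):
    """Group indicators per pid; report pids that hit at least two stages of
    the chain (sideload, drop_programdata, autorun) as {pid: [stages]}."""
    stages = defaultdict(set)
    for pid, _dll in sideload_suspects(events):
        stages[pid].add("sideload")
    for e in events:
        pid = e["pid"]
        if e["type"] == "file_create":
            target = e["target"].lower()
            if "\\programdata\\" in target and target.endswith(".exe"):
                stages[pid].add("drop_programdata")
            if "\\startup\\" in target:  # Startup-folder variant of autorun
                stages[pid].add("autorun")
        elif e["type"] == "registry_set":
            key = e["key"].lower()
            if any(m in key for m in RUN_KEY_MARKERS) and is_user_writable(e["value"]):
                stages[pid].add("autorun")
    return {pid: sorted(s) for pid, s in stages.items() if len(s) >= 2}


if __name__ == "__main__":
    for pid, hit in correlate(SAMPLE_EVENTS).items():
        print(f"pid {pid}: persistence chain {hit}")
```

Requiring two stages from the same process keeps a lone unsigned DLL load from a developer's build directory from paging anyone, while the full chain seen here lights up all three stages on the lure process and leaves the signed Program Files application untouched.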