Hack-for-hire threat group Evilnum, also known as DeathStalker, has been deploying an updated variant of the Janicab malware in its attacks against travel agencies, financial investment organizations, and legal firms in Georgia, Egypt, Saudi Arabia, the United Arab Emirates, and the U.K., in an effort to exfiltrate corporate information, reports The Hacker News.
The new Janicab variant uses YouTube and other public services as dead drop resolvers, a report from Kaspersky revealed.
"Since the threat actor uses unlisted old YouTube links, the likelihood of finding the relevant links on YouTube is almost zero. This also effectively allows the threat actor to reuse C2 infrastructure," said researchers.
The report also showed that while the updated Janicab malware no longer features audio recording capabilities, it has gained a keylogger module similar to those used in Powersing attacks.
Continuous updates of Evilnum's malware arsenal should prompt organizations to further monitor Internet Explorer processes.