Malware, Threat Intelligence

Russian auto, e-commerce sectors subjected to novel malware attack

Intrusions with the newly emergent CAPI Backdoor have been launched against automotive and e-commerce firms across Russia as part of a new phishing campaign, The Hacker News reports.

Threat actors have sent malicious emails with ZIP archives containing a fake Russian-language income tax legislation notice and an LNK file, with the latter triggering the execution of the .NET-based CAPI Backdoor, according to an analysis from Seqrite Labs.

Aside from checking whether it is running with admin-level privileges and which antivirus software is installed on the targeted system, CAPI Backdoor also establishes covert communications with a remote server, which issues commands for stealing browser-stored data, gathering system information, enumerating folder contents, and capturing screenshots.

Researchers also noted that CAPI Backdoor creates a scheduled task and drops an LNK file into the Windows Startup folder to maintain persistence on infected systems.
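The two persistence mechanisms noted above (a Startup-folder LNK and a scheduled task) are what a responder would want to enumerate first. The following PowerShell hunting script is an added example, not code from the article or from Seqrite's analysis: it resolves every LNK in the per-user and all-users Startup folders to its target, and lists scheduled tasks that were registered recently or whose action launches from a user-writable path. The 30-day window and the list of user-writable roots are assumptions to tune; run it elevated so all tasks are visible.

```powershell
# Added hunting script (assumed heuristics, not from the article): enumerate
# Startup-folder LNK files and suspicious scheduled tasks on a Windows host.
$lookback = (Get-Date).AddDays(-30)   # assumption: "recent" = last 30 days

# User-writable roots a dropped payload commonly lives under (assumed list).
$writableRoots = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:ProgramData, $env:PUBLIC) |
    Where-Object { $_ } | ForEach-Object { [regex]::Escape($_) }
$writablePattern = '(' + ($writableRoots -join '|') + ')'

# 1. LNK files in both Startup folders, resolved through the Shell COM object.
$shell = New-Object -ComObject WScript.Shell
$startupDirs = @([Environment]::GetFolderPath('Startup'),
                 [Environment]::GetFolderPath('CommonStartup'))
Write-Host "== LNK files in Startup folders =="
$startupDirs | ForEach-Object {
    Get-ChildItem -Path $_ -Filter *.lnk -ErrorAction SilentlyContinue
} | ForEach-Object {
    $lnk = $shell.CreateShortcut($_.FullName)
    [PSCustomObject]@{
        Shortcut  = $_.FullName
        Target    = $lnk.TargetPath
        Arguments = $lnk.Arguments
        Created   = $_.CreationTime
        Flag      = if ("$($lnk.TargetPath) $($lnk.Arguments)" -match $writablePattern) { 'user-writable' } else { '' }
    }
} | Format-Table -AutoSize -Wrap

# 2. Scheduled tasks registered inside the window or running from a writable path.
Write-Host "== Scheduled tasks worth a look =="
Get-ScheduledTask | ForEach-Object {
    $task = $_
    $registered = $task.Date -as [datetime]      # RegistrationInfo/Date, may be empty
    foreach ($action in $task.Actions) {
        $exe  = [string]$action.Execute
        $argv = [string]$action.Arguments
        $reasons = @()
        if ("$exe $argv" -match $writablePattern) { $reasons += 'user-writable path' }
        if ($registered -and $registered -ge $lookback) { $reasons += 'recently registered' }
        if ($reasons.Count -gt 0) {
            [PSCustomObject]@{
                Task       = $task.TaskPath + $task.TaskName
                Execute    = $exe
                Arguments  = $argv
                Registered = $registered
                Reason     = $reasons -join ', '
            }
        }
    }
} | Format-Table -AutoSize -Wrap
```

Entries that show up in both lists, or whose target is a DLL loaded from a profile directory, are the ones to pull for analysis and compare against the indicators in Seqrite's report.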

"The malicious payload is a .NET DLL that functions as a stealer and establishes persistence for future malicious activities," researchers added.