The stronger the walls you build, the more sophisticated the weapons invented to take them down. This allegory depicts the present-day cybersecurity situation, where increased security measures beget more advanced threats designed to infect systems and attain their malicious goals. Several malware families have created major ripples across the world, causing colossal financial and infrastructural losses. However, there are many lesser-known malware that pose enough of a threat to systems and institutions to deserve equal attention, if not more. Therefore, we bring you four malware you possibly didn't know existed.
1. OSX.Bella
This variant of the OSX.Dok dropper behaves differently and installs a completely different payload. OSX.Bella takes the same form as the OSX.Dok dropper: a zipped app named Dokument.app that masquerades as a document. Interestingly, it is also signed with the same certificate as the earlier OSX.Dok dropper. Like the earlier variant, it copies itself to a designated path and displays an alert claiming that the app is damaged.
2. Trojan SmokeLoader
The malvertising campaign dubbed "ProMediads" uses an exploit kit known as Sundown-Pirate, which drops the Trojan SmokeLoader malware. SmokeLoader in turn installs Zyklon, an information-stealing botnet infector. Once installed, it can download additional malware, receive commands from a C&C server, relay specific information and telemetry back to the control server, update or delete itself, steal login and password information, log keystrokes and participate in DDoS attacks.
3. FruitFly
Although this malware was first revealed in January 2017, it has proven stealthy and mysterious: prior to its detection, FruitFly had lived in the wild undetected for several years. The malware's controller can remotely take complete control of an infected system, including its files, webcam, screen, keyboard and mouse. This underscores the threat it poses.
4. Linux malware targeting Raspberry Pi
This Linux malware has assumed a generic name and infects Raspberry Pi devices with the purpose of mining cryptocurrency. It was first reported in May in the form of a script containing a compressed and encrypted application. According to experts, the initial infection takes place when Raspberry Pi operators leave their devices' SSH ports open to external connections. Soon after infecting the device, the malware changes the password of the Pi account to a specific value.
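As an added defensive illustration, not code from the original article, the Python below scans constructed auth.log-style lines for the sequence this section describes: a password login to the pi account from outside the local network, followed shortly by a password change for that account. The log format, the sample addresses and the five-minute window are assumptions.

```python
import re
import ipaddress
from datetime import datetime

# Constructed sample lines (not from the article) in the Debian/Raspbian auth.log
# format; 203.0.113.45 is a documentation-range address standing in for an outsider.
SAMPLE_AUTH_LOG = """\
Jun  5 09:00:00 raspberrypi sshd[900]: Accepted publickey for alice from 192.168.1.10 port 40000 ssh2
Jun  5 10:12:01 raspberrypi sshd[1201]: Accepted password for pi from 203.0.113.45 port 51234 ssh2
Jun  5 10:12:03 raspberrypi passwd[1230]: pam_unix(passwd:chauthtok): password changed for pi
Jun  5 11:00:00 raspberrypi sshd[1300]: Accepted password for pi from 192.168.1.20 port 50000 ssh2
"""

TS = r"(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d)"
LOGIN_RE = re.compile(TS + r" \S+ sshd\[\d+\]: Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<ip>\S+)")
PASSWD_RE = re.compile(TS + r" \S+ passwd\[\d+\]: .*password changed for (?P<user>\S+)")

# Addresses treated as "inside the LAN"; anything else counts as an external connection.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def _is_local(ip_text):
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in LOCAL_NETS)


def _parse_ts(text):
    # syslog timestamps carry no year; a fixed year is enough to order lines within one log
    return datetime.strptime("2017 " + text, "%Y %b %d %H:%M:%S")


def find_pi_takeover(log_text, account="pi", window_seconds=300):
    """Return findings: external password logins to `account`, and a password
    change for `account` that follows such a login within `window_seconds`."""
    findings = []
    last_remote_login = None
    for line in log_text.splitlines():
        m = LOGIN_RE.match(line)
        if m and m.group("user") == account:
            if m.group("method") == "password" and not _is_local(m.group("ip")):
                last_remote_login = _parse_ts(m.group("ts"))
                findings.append(("remote_password_login", m.group("ip")))
            continue
        m = PASSWD_RE.match(line)
        if m and m.group("user") == account and last_remote_login is not None:
            delta = (_parse_ts(m.group("ts")) - last_remote_login).total_seconds()
            if 0 <= delta <= window_seconds:
                findings.append(("password_change_after_remote_login", int(delta)))
    return findings
```

Running it over the sample flags the external login and the password change two seconds later, while the later login from the LAN is left alone.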
These malware are just as dangerous as the most popular malware that infect the major operating systems. As we have seen, organizations cannot afford to look the other way, given their capability to inflict great damage.