New Shamoon variant contains anti-American themed messages and detection evasion techniques
December 28, 2018 | Malware and Vulnerabilities
- The new sample of Shamoon evades detection by posing as a system optimization tool.
- The Shamoon variant is signed with a digital certificate that was issued on March 25, 2015, and expired on March 26, 2016.
A new sample of the destructive disk-wiping malware Shamoon was recently discovered on VirusTotal. The malware variant was uploaded to the platform on December 23, 2018, from France. It tries to bypass detection by leveraging a digital certificate from the Chinese technology company Baidu.
Propagation of the new Shamoon variant
The new sample of Shamoon evades detection by posing as the system optimization tool Enigma version 4. The variant is signed with a digital certificate that was issued on March 25, 2015, and expired on March 26, 2016.
Threat actors who have conducted attacks against oil and gas companies in the Middle East have typically used the new Shamoon variant to attack firms in the same region, as well as in Europe. Researchers from Anomali Labs found that the new sample of Shamoon uses an image of a burning US dollar as part of its attack.
“The image includes the text ‘WE WILL TAKE REVENGE ON THE BLOOD AND TEARS OF OUR CHILDREN’ which is displayed in tandem with the overwriting of files on a victim's system,” Anomali researchers said in a blog post.
Capabilities
To deceive users, attackers disguised the malware under file names such as ‘Baidu PC Faster’ and ‘Baidu WiFi Hotspot Setup’.
“In this case, the malicious internal file name is ‘Baidu PC Faster’ and uses the description ‘Baidu WiFi Hotspot Setup’. A closer inspection of the file resources utilized by the sample reveals similarities with Shamoon V2 malware. Specifically, the resource ‘GRANT’ is included which indicates that this sample was likely compiled based on the second version of the codebase,” wrote Anomali Labs researchers.
The new Shamoon variant’s capabilities include deleting files from infected systems and rendering the machines unbootable. Currently, there is no evidence of the new malware sample having been used in the wild.
“At this time, Anomali Labs has not confirmed that this sample has been used to target victims in the wild. However, historic Shamoon 2 attacks occurred in November 2016 and late January 2017. The possibility for targeted attacks occurring during western holidays exists. This possibility is highlighted by the use of US currency in the political image that accompanies the destructive malware,” Anomali Labs researchers explained.