A new malware is abusing Facebook, Google, and other services to steal data and release more malicious code…
Cyber-security firm Cybereason has discovered a new cyber-espionage campaign using new malware that relies on Facebook, Google Drive, and Dropbox for command-and-control communication. The group behind the effort is known as the Molerats. They are using two new backdoors, called SharpStage and DropBook, as well as a previously undocumented malware downloader named MoleNet, to abuse popular cloud computing services.
Molerats Hacker Group Deploys SharpStage and DropBook in Cyber-Espionage Campaign
Like some other malware, it is designed to avoid detection by using Dropbox and Facebook services to steal data. It can also receive instructions from its operators to unleash more malicious code. After the hackers steal the target data from their victims, both backdoors use Dropbox to exfiltrate it. The campaign largely targets political figures and government officials in the Middle East.
The threat actors use an official-looking email to trick recipients into downloading infected documents. The preview shows only a summary, and recipients are asked to download password-protected archives stored in Dropbox or Google Drive to see all of the information. Once that is done, additional malware can be deployed.