Short Bytes: Attackers appear to be taking a growing interest in open source code because it is freely available and easy to reuse, and more of it is turning up inside malware. One such case involves an attack on the Indian Ambassador to Afghanistan.
Given India's recent political interest in building and funding Afghanistan's infrastructure and economic development, it is plausible that some groups want to track and spy on the key political figures involved.
India's economic commitments in Afghanistan include setting up iron ore mines, steel plants, power plants and transportation systems, helping reconstruct the Salma Dam, and constructing a new Parliament Complex for the Afghan Government.
Here is how the trojanized email attachment was meant to work:
- The Rich Text Format (RTF) attachment downloads an executable from newsumbrella[.]net.
- The downloaded executable is run on the victim's machine.
- That executable, 'file.exe', is a downloader: it calls out to a server at the IP 188.8.131.52 and fetches the main Rover malware along with the plugins Rover uses.
- Rover and its plugins are installed on the victim's machine.
- Data is exfiltrated from the victim's machine.
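The two-stage chain above leaves a recognisable footprint in web-proxy logs: a request to newsumbrella[.]net for the dropper, followed shortly by requests to 188.8.131.52 for Rover and its plugins. The script below is an added example of hunting for that footprint; it is not code from the original write-up or from the researchers who analysed Rover. The proxy log format, the sample log lines, the URL paths and the 10-minute correlation window are all assumptions made for illustration; only the two indicators and the dropper name come from the text.

```python
"""Hunt for the Rover two-stage download chain in web-proxy logs (added example)."""
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit

# Indicators exactly as the write-up publishes them (defanged).
STAGE1_HOST = "newsumbrella[.]net"   # the RTF fetches the dropper from here
STAGE2_HOST = "188.8.131.52"         # the dropper fetches Rover and its plugins from here
DROPPER_NAME = "file.exe"


def refang(ioc: str) -> str:
    """Undo the usual defanging so an indicator can be compared with live log data."""
    return (ioc.replace("[.]", ".")
               .replace("hxxps://", "https://")
               .replace("hxxp://", "http://"))


# Constructed proxy log, NOT real traffic. Assumed format:
# "<ISO time> <client ip> <method> <url> <status>"
SAMPLE_LOG = """\
2016-03-01T09:12:03 10.1.2.17 GET http://newsumbrella.net/docs/file.exe 200
2016-03-01T09:12:41 10.1.2.17 GET http://188.8.131.52/update/rover.bin 200
2016-03-01T09:12:44 10.1.2.17 GET http://188.8.131.52/update/plugin1.bin 200
2016-03-01T09:30:00 10.1.2.55 GET http://example.org/index.html 200
2016-03-01T10:02:10 10.1.2.90 GET http://188.8.131.52/ 404
"""

LINE_RE = re.compile(r"^(\S+) (\S+) ([A-Z]+) (\S+) (\d{3})$")


def parse_line(line: str):
    """Parse one proxy log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, method, url, status = m.groups()
    return {"ts": datetime.fromisoformat(ts), "client": client,
            "method": method, "url": url, "status": int(status)}


def classify(rec: dict):
    """Map one request to a stage of the chain, or None if it matches no indicator."""
    parts = urlsplit(rec["url"])
    host = parts.hostname or ""
    if host == refang(STAGE1_HOST) and parts.path.rsplit("/", 1)[-1] == DROPPER_NAME:
        return "stage1-dropper"
    if host == refang(STAGE2_HOST):
        return "stage2-rover"
    return None


def find_infected_clients(log_text: str, window_seconds: int = 600) -> dict:
    """Return {client: {"verdict", "events"}} for every client that touched an indicator.

    A client that reached the stage-2 server within `window_seconds` after fetching
    the dropper is marked "full-chain"; any other indicator contact is "partial"
    (worth triage, e.g. a blocked or failed download).
    """
    by_client = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        stage = classify(rec)
        if stage:
            by_client[rec["client"]].append((rec["ts"], stage, rec["url"]))

    result = {}
    for client, events in by_client.items():
        events.sort()
        stage1 = [t for t, s, _ in events if s == "stage1-dropper"]
        stage2 = [t for t, s, _ in events if s == "stage2-rover"]
        full = any(0 <= (t2 - t1).total_seconds() <= window_seconds
                   for t1 in stage1 for t2 in stage2)
        result[client] = {"verdict": "full-chain" if full else "partial",
                          "events": events}
    return result


if __name__ == "__main__":
    for client, info in find_infected_clients(SAMPLE_LOG).items():
        print(client, info["verdict"])
        for ts, stage, url in info["events"]:
            print("   ", ts.isoformat(), stage, url)
```

Matching on the host rather than the full URL keeps the check robust to path changes, while the per-client time correlation separates a confirmed chain from a single stray hit on the C2 address; the response status is deliberately ignored so that a blocked or failed download still surfaces for triage.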
Researchers tie the malware to OpenCV, the open source computer vision library. OpenCV is widely used by organizations and research groups for real-time capture, image manipulation, object detection and many other tasks in new forms of human-computer interaction, security systems and driverless cars, among others. OpenCV was also used by the Mars Rovers to send captured data back to Earth.
It is striking that the very library used on the Mars Rovers is also being used to track and spy on targeted individuals, and in a form that can go undetected by traditional security systems.