UPDATED 08:00 EST / JANUARY 24 2018


Researchers warn new Lebal malware is seeking high-profile targets

A new form of malware targeting universities, government organizations and private companies has been detected in what could potentially be the first major state-sponsored attack of 2018.

Called “Lebal” by security researchers at Comodo Group Inc. in an announcement today, the malware has so far been detected in five universities, 23 private companies and several government organizations. Described as a “sophisticated type of malware,” Lebal uses a complicated chain of methods to bypass technical security means and deceive people.

The attack vector, described as specifically targeted rather than random, was not a straightforward email attack but one camouflaged through several layers. The first layer is a phishing email disguised as a message from Federal Express, while the second is a malicious link pretending to be a link to Google Drive.
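The two-layer lure described above (a sender posing as FedEx, a link dressed up as Google Drive) is the kind of thing a mail gateway can flag before anyone clicks. The following is an added example, not Comodo's code or anything from the original report: it checks whether a display name or link label claims a brand whose domain the sender or link target does not belong to, and whether a link's visible text names a different host than its href. The brand-to-domain table and the sample messages are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Hypothetical allow-list: domains that may legitimately use each brand name.
BRAND_DOMAINS = {"fedex": {"fedex.com"}, "google drive": {"google.com"}}

class _LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs from <a> tags."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _host(s):
    return (urlparse(s if "://" in s else "http://" + s).hostname or "").lower()

def _same_org(host, allowed):
    return any(host == d or host.endswith("." + d) for d in allowed)

def score_phish(msg):
    """Return a list of findings for one message dict; empty means nothing suspicious."""
    findings, sender_host, claimed = [], msg["from"].split("@")[-1].lower(), msg["display_name"].lower()
    for brand, domains in BRAND_DOMAINS.items():
        if brand in claimed and not _same_org(sender_host, domains):
            findings.append(f"display name claims {brand!r} but sender domain is {sender_host}")
    parser = _LinkExtractor(); parser.feed(msg["html"])
    for href, text in parser.links:
        href_host = _host(href)
        text_host = _host(text) if re.search(r"\w\.\w", text) else ""  # text looks like a URL/host
        if text_host and text_host != href_host:
            findings.append(f"link text shows {text_host} but points to {href_host}")
        for brand, domains in BRAND_DOMAINS.items():
            if brand in text.lower() and not _same_org(href_host, domains):
                findings.append(f"link labelled {brand!r} points to {href_host}")
    return findings

# Constructed samples: a FedEx-themed lure with a Drive look-alike link, and a legitimate notice.
SAMPLES = [
    {"from": "notice@fedex-delivery-update.example", "display_name": "FedEx Shipping",
     "html": '<p>Your parcel is waiting.</p><a href="http://drive-google.example/f/1">drive.google.com/file/d/1</a>'},
    {"from": "tracking@fedex.com", "display_name": "FedEx",
     "html": '<a href="https://www.fedex.com/track">www.fedex.com/track</a>'},
]
```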

Once a user clicks on a link, the attackers can steal private data from the web browser, including cookies and credentials, and they look for information about e-mail and instant messaging clients. In addition, Lebal pulls credentials from FTP clients like FileZilla or WinSCP and attempts to locate and access cryptocurrency wallets such as bitcoin or Electrum. “In short,” the security researchers note, “it grabs everything it can extract” from a victim’s machine.

It doesn’t stop there, either. The malware also attempts to turn off operating-system defenses while also hiding itself from antimalware tools in various sophisticated ways, both of which make it more dangerous than other forms of malware attacks.

The attack, aimed at 30 mail servers, is said to have come from one IP address in São Paulo, Brazil, with all 328 phishing emails sent on Jan. 8. The fact that it came from Brazil says nothing about where the attackers are based, however, since it would be extraordinarily easy for them to hijack a machine elsewhere to distribute the malware.

Comodo Threat Research Labs said enterprise users, in particular, should be aware that the attackers are likely to use the malware again and to take all reasonable actions to protect against Lebal gaining access to their network.

Photo: christiaancolen/Flickr 
