New Backdoor.Dripion Employed for Stalking Taiwanese Online Targets

A backdoor Trojan, Dripion has been employed to attack just a handful of targets; however, seeing from earlier iterations, Symantec doubts there maybe an association between the customized malware and Budminer an organization executing Web spying campaigns.

Backdoor.Dripion is brought on the Web via the downloader recognized to be Downloader.Blugger that first emerged in 2011 and since then being active. Downloader.Blugger restores Dripion from some remotely existing blog while the attackers camouflage as anti-virus companies whose domain names reflect as their websites. Albeit the language used on the blog is English, the attacks have hitherto been in Taiwan only. Scmagazine.com posted this, March 30, 2016.

Security investigators are not sure whether someone has hacked these blogs alternatively the Budminer gang established it. After Blugger downloads Dripion and executes it, the backdoor becomes active such that Budminer actors are enabled with uploading/downloading files onto compromised PCs for subsequent execution of those same files. Dripion's utilities are extremely constrained, nevertheless very effective.

The installation of Dripion provides attackers with admission into targeted PCs that let them to siphon out, take down and/or upload data as well as execute remote instructions. According to Symantec, Dripion utilizes website addresses (nortonsoft.com and mcfeesoft.com) for its command-and-control infrastructures which appear as security products.

Some more fascinating developments -when investigators made a comparison between the Dripion attack and their database of malicious programs from past, they found that merely one cyber-espionage gang (Taidoor) employed Blugger within live assaults back during 2012. Similar as with the Dripion attack, the majority of targets belonged to USA, in addition to Taiwan; however, there were more within South Korea and Japan too. Apart from the MO they shared, Dripion and Taidoor attacks as well share a few command-and-control servers.

Based on an analysis by Symantec, it's definite that Budminer gang embarked on developing one fresh backdoor malware following the gang's earlier Taidoor Trojan got exposed and thwarted via the 2012 ousting by Symantec. No matter what efforts the gang made for creating their malware and operating it tactfully, it hasn't been able to defeat security experts, who've currently made their security products up-to-date for catching Budminer's wares.

» SPAMfighter News - 4/6/2016