Duqu malware’s descendant strikes over 140 organisations across the globe

The security firm, Kaspersky has a descendant of ugly malware, Stuxnet which has infected more than 140 companies, banks, government groups and telecom companies. Because infections are so hard to spot, the actual number is likely much higher.

Stuxnet was the infamous computer worm, reportedly created by US and Israel to sabotage Iran’s nuclear program seven years ago. The fileless or invisible updated malware was discovered two years ago by the Moscow-based cybersecurity company and dubbed it as ‘Duqu 2.0’, a more advanced form of the Duqu malware that was linked to Stuxnet in 2011.

The malware which is going mainstream is used by hackers to suck out money from bank accounts. The malware is in over 40 countries, including 21 instances in the United States. The trait that makes the infections hard to detect is the use of legitimate and widely used system administrative and security tools—including PowerShell, Metasploit, and Mimikatz—to inject the malware into computer memory. “Unfortunately the use of common tools combined with different tricks makes detection very hard,” said Kaspersky.

Virtually all of the malware resided solely in the memory of the compromised computers, a feat that had allowed the infection to remain undetected for six months or more. Techniques like these are becoming more common, especially against relevant targets in the banking industry.

The so-called fileless malware is unique in its ability to disappear after being installed on a server. Once the attacked computer is rebooted, the malware renames itself, leaving no detectable trace of its existence. It can take several months before sysadmins realise the machine has been infected. During that time period, hackers can steal freely from the coffers of the affected enterprise. The security firm published a report about the hidden malware on Wednesday (February 08) and will present more details in April.

This discovery has given a reason for institutions to worry more about the average consumer. The new malware also follows a trend of sophisticated, undetectable cyberattacks like periscope skimming. This ultra bad technology started showing up inside of ATMs across the US last year and lets hackers gobble up credit information without the consumer or the bank knowing since the hardware is installed inside of the machine. Many banks are not adequately prepared to deal with such attacks.

Leave a Reply