Cyber dating net
The malicious code was discovered and analyzed by the malware researchers Claudio Guarnieri and Collin Anderson. The security duo discovered that the malicious code was disguised by nation-state hackers as a Flash Player update and a Bitdefender Adware Removal Tool.
“The main purpose of MacDownloader seems to be to perform an initial profiling of the infected system and collection of credentials from macOS’s Keychain password manager – which mirrors the focus of Windows malware developed by the same actors,” reads the analysis published by the security duo.
The experts discovered a first sample of the malware on a fake website of the aerospace firm United Technologies Corporation, the same website that was used in the past to spread a Windows malware and the Browser Exploitation Framework (BeEF).
Jok3r corresponds with a member of a defacement group, Iran Cyber Security Group, who continues to be fairly active in vandalizing sites.
“While we haven’t managed to obtain a proper response from the server before it was taken offline, our initial investigation did not find a subsequent implant.” “Of particular note are wireless networks named Jok3r and mb_1986.”
The state-sponsored hackers set up a fake Juniper Networks VPN portal and used compromised email accounts from IT vendors to lure victims to it.
The hackers used the email accounts of the IT vendors to send messages containing links to the fake VPN portal to the victims.
Threat actors hit numerous organizations in the energy, government, and technology industries; all the victims are located in or have an interest in Saudi Arabia.
The hacking campaign was dubbed Magic Hound and, according to the analysts, it dates back to at least mid-2016.