Java 'Icefog' Malware Variant Infects U.S. Businesses
APT attack campaign uses tough-to-detect Java backdoor to compromise US oil company and two other organizations
Beware Java-based malware that's been used to exploit at least three US-based organizations.
That warning of a new advanced persistent threat (APT) attack campaign came via Kaspersky Lab, which said that it's traced a malicious Java archive (a.k.a. JAR) file to eight infected systems inside three US-based organizations, which it declined to name. "Based on the IP address, one of the victims was identified as a very large American independent oil and gas corporation, with operations in many other countries," Kaspersky Lab researchers Costin Raiu, Vitaly Kamluk, and Igor Soumenkov said in a joint blog post Tuesday. "As of today, all victims have been notified about the infections. Two of the victims have removed it already."
More Security Insights
- Integration with Oracle Fusion Financials Cloud Service
- Four Ways to Modernize Your Application Performance Monitoring Strategy for Web 2.0 and AJAX
- Solving Big Data Challenges with Simplicity & Speed
- Optimize Your SQL Environment for Performance & Flexibility
The attacks have been tied to the Icefog APT attack campaign, which historically has used Windows Preinstallation Environment files to infect targets.
What's unusual about the latest attacks is that the "Javafog" malware used by attackers was, as the name implies, written in Java. Furthermore, it includes only basic functionality, such as the ability to upload files to a designated server, as well as change the command-and-control (C&C) server to which it reports. "The backdoor doesn't do much else," according to Kaspersky Lab. "It allows the attackers to control the infected system and download files from it. Simple, yet very effective."
Read the full article here.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.