Linux malware is far less common than Windows malware, but it is no less of a risk. Volexity has identified a cyber-espionage campaign, attributed to a group it tracks as UTA0137, against Indian targets. The campaign uses DISGOMOJI, a malware family that receives its commands from a Discord server in the form of emojis.
Emojis instead of text commands
The infection chain begins with a ZIP file sent as an email attachment (phishing). Inside is an ELF executable that downloads a harmless-looking PDF document as a decoy. DISGOMOJI also downloads a shell script that runs in the background and monitors USB drives. The malware was developed primarily for the BOSS Linux distribution used by Indian government agencies.
Once started, DISGOMOJI collects various information, including the IP address, hostname, username, operating system version and working directory, and sends it to the C2 server on Discord. Persistence is maintained via cron.
The malware communicates with the server using an emoji-based protocol. While a command is being executed, DISGOMOJI sends a clock emoji, and when execution completes it sends a check-mark emoji. The server uses one of nine different emojis to tell the implant which action to perform on the victim's machine: for example, the camera emoji takes a screenshot, the fire emoji searches for specific documents, and the fox emoji creates a ZIP archive of the user's Firefox browser profiles.
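The command/acknowledge/complete exchange described above can be hunted for in an exported Discord channel history. The following is an added example, not code from the article or from Volexity's report; the emoji chosen for "running" and "finished", the message format and the sample channel export are all assumptions constructed for illustration.

```python
# Heuristic detector for the emoji-based C2 pattern: an operator posts a lone
# emoji, and a different account answers with a clock emoji, then a completion
# emoji. Emoji assignments are assumptions, not values taken from the malware.
import unicodedata
from dataclasses import dataclass

IN_PROGRESS = "\u23f0"   # alarm clock, assumed "command running" marker
DONE = "\u2705"          # check mark button, assumed "command finished" marker

@dataclass
class Msg:
    ts: float      # seconds since epoch
    author: str
    text: str

def is_single_emoji(text: str) -> bool:
    """True if the message body is exactly one emoji-like symbol (Unicode category So)."""
    t = text.strip()
    return len(t) == 1 and unicodedata.category(t) == "So"

def find_emoji_c2(msgs: list[Msg], window: float = 120.0) -> list[dict]:
    """Return suspected command exchanges. A match requires: a lone-emoji message,
    an immediate IN_PROGRESS reply from another author, and a later DONE from that
    same author, all within `window` seconds of the command."""
    msgs = sorted(msgs, key=lambda m: m.ts)
    hits = []
    for i, cmd in enumerate(msgs):
        if not is_single_emoji(cmd.text) or cmd.text.strip() in (IN_PROGRESS, DONE):
            continue
        ack = None
        for later in msgs[i + 1:]:
            if later.ts - cmd.ts > window:
                break
            if later.author == cmd.author:
                continue
            body = later.text.strip()
            if ack is None:
                if body != IN_PROGRESS:
                    break          # an implant acks at once; anything else ends the match
                ack = later
            elif later.author == ack.author and body == DONE:
                hits.append({"ts": cmd.ts, "operator": cmd.author,
                             "implant": ack.author, "command": cmd.text.strip()})
                break
    return hits

# Constructed sample channel export: one C2-like exchange among normal chatter.
SAMPLE = [
    Msg(1000.0, "alice", "lol \U0001F525"),        # emoji inside text, ignored
    Msg(1001.0, "bob", "\U0001F525"),              # lone emoji, but no clock reply follows
    Msg(1010.0, "op-7", "\U0001F4F7"),             # lone emoji "command"
    Msg(1011.0, "host-ab12", IN_PROGRESS),         # implant acknowledges
    Msg(1015.0, "host-ab12", DONE),                # implant reports completion
    Msg(1100.0, "alice", "done for today"),
]

if __name__ == "__main__":
    for hit in find_emoji_c2(SAMPLE):
        print(hit)
```

Run against a real export, the `implant` field identifies the bot account to revoke and the `command` field lists which emojis were issued to it.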
The collected data is then uploaded to a file-sharing service. Volexity has also found another variant of the malware that uses the DirtyPipe vulnerability to escalate privileges to root.