
Kaspersky shares new details about watering-hole attacks targeting mobile users in Southeast Asia

ANI | March 27, 2020 02:23 PM

Washington D.C. [USA], Mar 27 (ANI): Earlier in March, Trend Micro published research on a watering-hole campaign targeting users in Southeast Asia with powerful spyware called LightSpy. Following that research, Kaspersky's Global Research and Analysis Team shared important additional details on this attack, which targets mobile users through links posted on various forums and communications channels.

In their research, published on Securelist.com, Kaspersky provides an analysis of:

- The surveillance framework's deployment timeline, starting from January 2020
- Previously unknown samples of the LightSpy Android implants
- Traces of implants targeting Windows, Mac and Linux-based computers, along with Linux-based routers
- New indicators of compromise and other details about the attack

What is known about the LightSpy attacks?

Actors behind the campaign distribute links to malicious websites that mimic legitimate sites their potential victims are likely to frequent. Once a target visits the weaponized website, a custom exploit chain attempts to execute shellcode, which leads to the deployment of the full LightSpy implant on the victim's phone.

[Image: landing page of the watering-hole site]

The exploit chain successfully targets iPhones running iOS versions up to 12.2. Users running the latest version of iOS at the time of writing, 13.4, should be safe from these exploits. Android users are also in the crosshairs: researchers found several versions of the implant that target this platform. In addition, Kaspersky researchers identified indicators that malware targeting Mac, Linux and Windows-based computers, along with Linux-based routers, also exists.

The research also found that the malware is being spread through forum posts and replies, as well as through popular communications platforms, by posting links to the deployed landing pages. Once the website has been visited, the exploit chain jailbreaks the victim's device and installs the implant, giving the attackers the ability to record calls and audio, read messages from certain messenger apps, and more.

The information currently available does not make it possible to attribute the operation to any known advanced persistent threat (APT) actor, which is why Kaspersky has temporarily dubbed the attackers "TwoSail Junk".

"We tracked this particular framework and infrastructure beginning in January this year. It is an interesting example of an agile approach to developing and deploying a surveillance framework in Southeast Asia. This innovative strategy is something we have seen before from SpringDragon, and LightSpy's targeting geolocation falls within the previous regional targeting of the SpringDragon/LotusBlossom/Billbug APT, as does the infrastructure and 'evora' backdoor use. Although the campaign peaked in February - that is when we saw the highest growth of links leading to the malicious site - it is still active and we continue monitoring it," comments Alexey Firsh, a security researcher at Kaspersky's Global Research and Analysis Team.

To avoid falling victim to watering-hole and other targeted attacks such as this, Kaspersky recommends the following:

Try to avoid suspicious links promising exclusive content, especially if they are shared on social media. Refer to official sources for trustworthy and legitimate information.

Check the website's authenticity. Do not visit websites until you are sure that they are legitimate and that the address starts with 'https'. Bear in mind that 'https' only means the connection is encrypted; a lookalike site can obtain a valid certificate just as easily as a genuine one, so the domain name itself still has to be verified. Confirm that the website is genuine by double-checking the format of the URL and the spelling of the company name, reading reviews about it and checking the domain's registration data.
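The URL checks above can be partly automated for links that arrive through forum posts and chats, which is how this campaign spread. The following is an added example, not code from the original article, Kaspersky or Trend Micro: it pulls http(s) links out of a post, decodes punycode hostnames so homoglyphs become visible, folds a handful of look-alike characters, and compares the registrable domain against a trusted list using exact match, substring (a trusted name buried as a subdomain) and a small edit-distance threshold. The trusted domains, the sample post, the confusable table and the two-label approximation of the registrable domain are this example's own constructed assumptions.

```python
"""Lookalike-link triage for URLs posted on forums or in chats.

Added example, not code from Kaspersky, Trend Micro or the original article.
TRUSTED_DOMAINS and SAMPLE_POST are constructed for illustration.
"""
import re
from urllib.parse import urlsplit

# Constructed allowlist of registrable domains (two labels) the reader trusts.
TRUSTED_DOMAINS = {"example-news.com", "example-forum.net"}

# A small, illustrative set of substitutions attackers use to imitate ASCII
# letters: digit/letter pairs and Cyrillic homoglyphs. Multi-character keys
# come first so "rn" folds to "m" before single characters are touched.
CONFUSABLES = {
    "rn": "m", "vv": "w",
    "0": "o", "1": "l",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0441": "c", "\u0440": "p",
}

URL_RE = re.compile(r"https?://[^\s<>]+", re.IGNORECASE)


def decode_idna(host: str) -> str:
    """Turn punycode labels (xn--...) back into Unicode so homoglyphs are visible."""
    labels = []
    for label in host.split("."):
        if label.startswith("xn--"):
            try:
                label = label.encode("ascii").decode("idna")
            except UnicodeError:
                pass  # malformed label: keep as-is, it will not match anything trusted
        labels.append(label)
    return ".".join(labels)


def fold_confusables(host: str) -> str:
    """Replace look-alike characters with the ASCII letter they imitate."""
    for bad, good in CONFUSABLES.items():
        host = host.replace(bad, good)
    return host


def registrable_domain(host: str) -> str:
    """Last two labels of the host. Simplification: ignores multi-part public
    suffixes such as co.uk, which a real check would resolve via the PSL."""
    return ".".join(host.strip(".").split(".")[-2:])


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url: str, trusted=TRUSTED_DOMAINS) -> str:
    """Return 'trusted', 'trusted-plain-http', 'lookalike' or 'unknown'."""
    parts = urlsplit(url)
    raw_host = decode_idna(parts.hostname or "")  # hostname is already lower-cased
    folded_host = fold_confusables(raw_host)
    raw_domain = registrable_domain(raw_host)
    folded_domain = registrable_domain(folded_host)

    if raw_domain in trusted:
        # Exact match on the real domain. Plain http is still worth flagging, but
        # https only proves an encrypted connection, not who runs the site.
        return "trusted" if parts.scheme.lower() == "https" else "trusted-plain-http"
    if folded_domain in trusted:
        return "lookalike"      # matches only after undoing homoglyph/digit tricks
    for t in trusted:
        if t in folded_host:
            return "lookalike"  # trusted name buried as a subdomain of another domain
        if edit_distance(folded_domain, t) <= 2:
            return "lookalike"  # typosquat; threshold 2 can over-flag very short names
    return "unknown"


def scan_post(text: str, trusted=TRUSTED_DOMAINS) -> list:
    """Extract http(s) links from a forum post and classify each one."""
    return [(url, classify_link(url, trusted)) for url in URL_RE.findall(text)]


# Constructed forum post: one genuine link, one subdomain trick, one "rn" for "m".
SAMPLE_POST = (
    "Full story: https://example-news.com/story/1 "
    "uncut video: http://example-news.com.video-cdn.net/watch "
    "mirror: https://exarnple-news.com/story/1"
)

if __name__ == "__main__":
    for url, verdict in scan_post(SAMPLE_POST):
        print(f"{verdict:18} {url}")
```

Running the module prints a verdict per link in the constructed post. The folding step is deliberately lossy (a genuine "modern.example" would fold to "modem.example"), which is acceptable because the folded form is only ever compared against the trusted list, never shown to the user; a production version would replace the two-label suffix guess with a Public Suffix List lookup and a fuller confusables table.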

Choose a reliable security solution such as Kaspersky Security Cloud for effective personal protection against known and unknown threats. (ANI)
