LuckyMouse Group is back and using a legitimate certificate to sign Malware

14th September 2018 | By Mouseworld Now Correspondent

New Delhi, 14th Sept, 2018: The Kaspersky Lab Global Research and Analysis Team (GReAT) has discovered several infections from a previously unknown Trojan, which is most likely related to the infamous Chinese-speaking threat actor – LuckyMouse. The most peculiar trait of this malware is its hand-picked driver, signed with a legitimate digital certificate, which has been issued by a company developing information security-related software.

The LuckyMouse group is known for highly targeted cyberattacks on large entities around the world. The group’s activity poses a danger to whole regions, including South-Eastern and Central Asia, as their attacks seem to have a political agenda. Judging by victim profiles and the group’s previous attack vectors, Kaspersky Lab researchers think that the Trojan they’ve detected might have been used for nation-state backed cyber-espionage.

The Trojan discovered by Kaspersky Lab experts infected a target computer via a driver built by the threat actors. This allowed the attackers to perform all common tasks, such as executing commands and downloading and uploading files, and to intercept network traffic.

The driver turned out to be the most interesting part of this campaign. To make it trustworthy, the group apparently stole a digital certificate, which belongs to an information security-related software developer, and used it to sign malware samples. This was done in an attempt to avoid being detected by security solutions, as a legitimate signature makes the malware look like legal software.

Another noteworthy feature of the driver is that, despite LuckyMouse’s ability to create its own malicious software, the software used in the attack appeared to be a combination of publicly available code samples from public repositories and custom malware. Such simple adoption of ready-to-use third-party code, instead of writing original code, saves developers time and makes attribution more difficult.
