Kaspersky Lab Experts Provide Detailed Analysis of Madi
OREANDA-NEWS. August 2, 2012. Kaspersky Lab and Seculert announced the discovery of Madi, an on-going cyber-espionage campaign in the
Today Kaspersky Lab’s experts published a detailed technical analysis of the info-stealing malware used by the Madi attackers. The analysis provides technical examples and explanations of each primary function of the info-stealing Trojan, and details how it’s installed on an infected machine, logs keystrokes, communicates with the C&Cs, steals and exfiltrates data, monitors communications, records audio, and captures screenshots.
Summary Findings:
Overall, the components of the Madi campaign are unsophisticated despite the high infection count of more than 800 victims.
The development of the Madi info-stealing Trojan was an extremely rudimentary approach based on the attackers’ coding style, programming techniques and poor use of
Most of the info-stealers’ actions and communications with the C&C servers occur through external files, which is a disorganized and elementary way of coding in
Despite the crude coding of the malware, the high-profile victims were infected by the info-stealing Trojan by being tricked with social engineering schemes deployed by the Madi attackers.
The Madi campaign demonstrates that even low quality malware can still successfully infect and steal data, so users should be increasingly careful of suspicious emails.
No advanced exploit techniques or zero-days are used anywhere in the malware, which makes the overall success of the campaign very surprising.
Madi was a low investment campaign regarding its developmental and operational efforts, but its return on investment was high considering the number of infected victims and amount of exfiltrated data.
Although the malware had some unusual characteristics inside it, there is no solid evidence that points to who its authors are.
Комментарии