Ryuk has re-emerged in a new guise. In brief, the new Ryuk Stealer strain exhibits advanced properties that enable it to target government and military sectors.
Ryuk Malware Stealer Revamped
Researchers from MalwareHunterTeam have discovered a new Ryuk Stealer malware with advanced additions. The new strain is capable of aiming at high-profile targets in the military, government, finance, and banking sectors.
https://twitter.com/malwrhunterteam/status/1220700744984211458
While the earlier Ryuk Stealer specifically targeted Word and Excel files, the new version has more targets. According to Vitali Kremez, it now targets seven file types, including additional Word and Excel formats (beyond docx and xlsx), PDF, JPG, C++ source code, and cryptocurrency wallets.
When the stealer detects a file with a recognized extension, it then scans it for the presence of certain keywords.
https://twitter.com/malwrhunterteam/status/1220728446239891457
When a document contains one of those keywords, the stealer uploads the file to the attackers' FTP server.
As is evident from the targeted word list, which includes terms such as ‘SWIFT’, ‘IBAN’, ‘radar’, ‘tactical’, ‘EDGAR’, ‘newswire’, ‘federal’, ‘bureau’, and ‘investigation’, the new stealer clearly aims at pilfering sensitive information from government, military, and financial institutions.
It also specifically focuses on the personal information of victims. The keyword list even includes common first names such as ‘Liam’, ‘Olivia’, ‘James’, ‘Emma’, ‘Noah’, ‘Sophia’, ‘William’, ‘Isabella’, and ‘Logan’. Interestingly, all of these names appear in the ‘Top 5 Names in Each of the Last 100 Years’ list published by the US Social Security Administration.
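As an added illustration (not code from the article and not the stealer's own code), the following Python reproduces the targeting logic described above from a defender's perspective: walk a directory, keep only files with the targeted extensions, scan their contents for the keywords, and report which files would have been picked up for exfiltration. The extension set, the whole-word case-insensitive matching, and the handling of OOXML containers are assumptions; the article does not list the exact extensions or matching rules the malware uses, and the sample directory tree is constructed inline.

```python
import re
import tempfile
import zipfile
from pathlib import Path
from typing import Dict, List

# Constructed subset of the targeting described in the article. The exact
# extension list and matching rules of the real stealer are not given there,
# so these values are assumptions for illustration only.
TARGET_EXTENSIONS = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".cpp"}
KEYWORDS = [
    "SWIFT", "IBAN", "radar", "tactical", "EDGAR", "newswire",
    "federal", "bureau", "investigation",
    "Liam", "Olivia", "James", "Emma", "Noah", "Sophia",
    "William", "Isabella", "Logan",
]
# Whole-word, case-insensitive match (assumed): "Williamson" is not a hit.
_KEYWORD_RE = re.compile(
    r"\b(" + "|".join(map(re.escape, KEYWORDS)) + r")\b", re.IGNORECASE
)


def extract_text(path: Path) -> str:
    """Best-effort text extraction. OOXML files are zip containers, so a raw
    byte scan would miss their content; read the XML parts instead."""
    if path.suffix.lower() in {".docx", ".xlsx"}:
        try:
            with zipfile.ZipFile(path) as zf:
                return "".join(
                    zf.read(name).decode("utf-8", errors="ignore")
                    for name in zf.namelist() if name.endswith(".xml")
                )
        except zipfile.BadZipFile:
            pass  # fall through and scan the raw bytes
    return path.read_bytes().decode("utf-8", errors="ignore")


def keyword_hits(text: str) -> List[str]:
    """Distinct keywords found in text, lower-cased and sorted."""
    return sorted({m.group(1).lower() for m in _KEYWORD_RE.finditer(text)})


def assess_exposure(root: str, max_bytes: int = 10 * 1024 * 1024) -> Dict[str, List[str]]:
    """Map each file under root that the described stealer would pick up
    (targeted extension AND at least one keyword) to the keywords it matched."""
    root_path = Path(root)
    exposed: Dict[str, List[str]] = {}
    for path in root_path.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in TARGET_EXTENSIONS:
            continue
        try:
            if path.stat().st_size > max_bytes:
                continue
            hits = keyword_hits(extract_text(path))
        except OSError:
            continue  # unreadable file: skip rather than abort the scan
        if hits:
            exposed[path.relative_to(root_path).as_posix()] = hits
    return exposed


def build_sample_tree(root: str) -> None:
    """Write a small constructed directory tree (not real data) to scan."""
    base = Path(root)
    (base / "finance").mkdir()
    with zipfile.ZipFile(base / "finance" / "wire_instructions.docx", "w") as zf:
        zf.writestr("word/document.xml",
                    "<w:t>Please send via SWIFT to IBAN DE00 1234</w:t>")
    (base / "radar_spec.cpp").write_text("// Tactical radar signal processing\n")
    (base / "readme.pdf").write_bytes(b"%PDF-1.4 Contact: Williamson, re: nothing\n")
    (base / "notes.txt").write_text("tactical radar, but not a targeted extension\n")
    (base / "vacation.jpg").write_bytes(b"\xff\xd8\xff\xe0 JFIF \x00\x10 binary image data")


def run_demo() -> Dict[str, List[str]]:
    """Build the sample tree in a temp dir and return the exposure report."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return assess_exposure(tmp)


if __name__ == "__main__":
    for rel, hits in run_demo().items():
        print(f"{rel}: {', '.join(hits)}")
```

Only the docx (keywords inside the zipped XML) and the C++ source are reported; the text file has matching words but no targeted extension, the PDF contains "Williamson" which fails the whole-word check, and the JPG has no keywords at all. Pointing the same scan at a real file share gives a quick inventory of which documents a keyword-driven stealer of this kind would have walked off with.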
Who Is Behind The New Stealer?
The identity of the threat actor(s) behind this malware isn't clear, though Vitali Kremez told BleepingComputer that they might be the same actors who devised Ryuk.
It is likely the same actor, with access to the earlier Ryuk version, who repurposed part of that code for this stealer. Moreover, how this malware is distributed in the wild, and whether it is bundled with other malware or ransomware, is also unclear. It was only possible to identify this stealer as Ryuk owing to leftover artifacts in its code.
https://twitter.com/VK_Intel/status/1220742350139543552
Therefore, internet users must remain extremely cautious of phishing emails, suspicious attachments, and unexpected remote connections, and should keep their systems updated to avoid potential mishaps.
Posted from my blog with SteemPress: https://latesthackingnews.com/2020/01/30/new-ryuk-stealer-targets-government-and-military-sectors/