North Korea's Official News Site Delivers Malware

Kim Jong-Un inspects the Korean People's Army (KPA) Air and Anti-Air Force Unit 458, Pyongyang, North Korea 
A security researcher has discovered malware being distributed via North Korea's official news site, KCNA. The researcher identified a Zip file containing a pair of malware droppers disguised as Flash Player updates, targeting Windows users on Internet Explorer.


How It Infects

When a user with an outdated Flash Player (which has many security vulnerabilities) visits the KCNA website, a JavaScript executes and drops a fake Flash Player update, "FlashPlayer10.zip", which contains two malicious executable files: Install Flash Player 10 Activex.exe and Install Flash Player 10 Plugin.exe.

After the user installs these files, the malware starts running hidden on the computer. According to BitDefender, the malware is able to steal passwords from browsers including Chrome and Mozilla Firefox.

Not all users are prompted to download the malware. The JavaScript that triggers the download might check for a particular OS, language or other attributes.
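For defenders, a downloaded archive like the one described above can be triaged before anyone opens it. The following is an added example, not code from the article or the researcher: it lists Windows executables inside a Zip and flags names that pose as a Flash Player installer. The function names, the lure pattern and the harmless sample archive are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Assumption: lure pattern derived from the file names reported in the article.
LURE_NAME = re.compile(r"flash\s*player", re.IGNORECASE)
EXECUTABLE_EXT = (".exe", ".scr", ".com", ".pif")

def triage_archive(data):
    """Return one finding per archive member that looks like a Windows executable."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            try:
                with zf.open(info) as fh:
                    magic = fh.read(2)  # DOS/PE files start with "MZ"
            except RuntimeError:
                magic = b""  # encrypted member: fall back to the name only
            is_pe = magic == b"MZ"
            has_exec_ext = info.filename.lower().endswith(EXECUTABLE_EXT)
            if not (is_pe or has_exec_ext):
                continue
            findings.append({
                "name": info.filename,
                "pe_header": is_pe,
                "flash_lure": bool(LURE_NAME.search(info.filename)),
            })
    return findings

def build_sample_zip():
    """Constructed, harmless sample: member names from the article, placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Install Flash Player 10 Activex.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("Install Flash Player 10 Plugin.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("readme.txt", b"constructed sample, not malware")
    return buf.getvalue()

if __name__ == "__main__":
    for finding in triage_archive(build_sample_zip()):
        print(finding)
```

A hit on both `pe_header` and `flash_lure` for an archive that did not come from the software vendor's own site is a reason to quarantine the file rather than run it.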

Image credit : Telegraph
