New cyberespionage trojan spreading in Taiwan

Version numbers are hardcoded in Backdoor.Dripion, indicating that attackers can update their code.

Symantec researchers have detected a new backdoor trojan that was created to siphon information and has so far been used only in Taiwan.

Backdoor.Dripion has been used only in a small number of targeted attacks, but based on previous iterations, Symantec suspects the custom-developed malware may be tied to an organization called Budminer that has been involved in cyberespionage campaigns.

The downloader was identified as Downloader.Blugger, which has been around since 2011. It retrieves Dripion for installation from a remote blog, and the attackers disguise their efforts by giving their command and control servers domain names that appear to be anti-virus company websites. Although the blog is in English, targets so far have been limited to Taiwan.

Once Dripion is installed, attackers gain access to targeted computers, which enables them to upload, download and siphon out data and execute remote commands.

Version numbers are hardcoded in the malware, indicating that the attackers can create, modify and update their code, Symantec researchers said.