New cyberespionage trojan spreading in Taiwan
Version numbers are hardcoded in Backdoor.Dripion, indicating that attackers can update their code.
Symantec researchers have detected a new backdoor trojan, so far used only in Taiwan, that was created to siphon information.
Backdoor.Dripion has been used only in a small number of targeted attacks, but based on previous iterations, Symantec suspects the custom-developed malware may be tied to an organization called Budminer that has been involved in cyberespionage campaigns.
The downloader was identified as Downloader.Blugger, which has been around since 2011. It retrieves Dripion for installation from a remote blog, and the attackers disguise their efforts by using domain names for their command-and-control servers that appear to be anti-virus company websites. Although the blog is in English, targets so far have been limited to Taiwan.
Once Dripion is installed, attackers gain access to targeted computers, which enables them to upload, download and siphon out data and execute remote commands. Version numbers are hardcoded in the malware, indicating that the attackers can create, modify and update their code, Symantec researchers said.