Chinese-speaking advanced persistent threat group LuoYu has been leveraging man-on-the-side attacks to deliver the malicious WinDealer backdoor, reports The Hacker News.
WinDealer, which was first identified to be used by LuoYu by TeamT5 researchers, is a modular malware platform that does not only feature sensitive data exfiltration, screenshot capturing, and arbitrary command execution, but also leverages a complex IP generation algorithm for command and control server selection in a pool of nearly 50,000 IP addresses.
While LuoYu initially deployed WinDealer against Japanese organizations, the malware has since been used to attack entities in the U.S., Russia, Germany, India, and Austria, according to Kaspersky.
"Man-on-the-side-attacks are extremely destructive as the only condition needed to attack a device is for it to be connected to the internet. No matter how the attack has been carried out, the only way for potential victims to defend themselves is to remain extremely vigilant and have robust security procedures, such as regular antivirus scans, analysis of outbound network traffic, and extensive logging to detect anomalies," said Kaspersky security researcher Suguru Ishimaru.
