A military-themed malware campaign targeting military and government organizations in South Asia unleashes “maldocs” that spread full remote-access trojan (RAT) capabilities.

The multistage attack chain, active since 2018, infects endpoints with customized beacons and a modular dropper that Talos calls IndigoDrop, which in turn executes the final payloads, Cisco Talos reported in a blog post.

“This attack demonstrates how the adversary operates a targeted attack that uses legitimate-looking lures to trick the target into infecting themselves,” according to the post, which details the malware's capabilities and offers guidance on defending against such an attack. Campaign components include the use of both public and private servers, Microsoft Office documents, a Python module that steals credentials from the endpoint (saved credentials from Google Chrome, Microsoft Edge, Opera and Mozilla Firefox, as well as Wi-Fi credentials), and bitly-shortened URLs.
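One practical check that follows from the shortened-URL component: an OOXML (.docx) lure's external hyperlinks are stored as relationship entries in word/_rels/*.rels, so they can be inspected without rendering the document or running macros. The script below is an added example, not code from the Talos report or SC Media; the shortener domain list and the in-memory sample document are assumptions constructed for the example.

```python
"""Added example (not from the Talos report or SC Media): flag hyperlinks in
an OOXML (.docx) document that point at URL shorteners such as bit.ly.

Shortened links hide the real destination from the reader and from simple
domain-based filtering.  OOXML stores external hyperlinks as Relationship
elements in word/_rels/document.xml.rels, so a scanner can read them
straight out of the zip container.
"""
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Shortener domains to flag (this list is an assumption for the example;
# extend it from your own threat intelligence).
SHORTENER_DOMAINS = {"bit.ly", "bitly.com", "j.mp", "tinyurl.com", "t.co", "goo.gl"}

RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
HYPERLINK_TYPE = (
    "http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink"
)


def external_links(docx_bytes: bytes) -> list[str]:
    """Return every external hyperlink target declared in the document's
    relationship parts (word/_rels/*.rels)."""
    targets = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not (name.startswith("word/_rels/") and name.endswith(".rels")):
                continue
            root = ET.fromstring(zf.read(name))
            for rel in root.iter(f"{{{RELS_NS}}}Relationship"):
                if rel.get("Type") == HYPERLINK_TYPE and rel.get("TargetMode") == "External":
                    targets.append(rel.get("Target", ""))
    return targets


def is_shortened(url: str) -> bool:
    """True if the URL's host is a known shortener domain or a subdomain of one."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in SHORTENER_DOMAINS)


def flag_shortened_links(docx_bytes: bytes) -> list[str]:
    """Links in the document that resolve through a URL shortener."""
    return [u for u in external_links(docx_bytes) if is_shortened(u)]


def build_sample_docx(links: list[str]) -> bytes:
    """Construct a minimal .docx containing only the parts this scanner reads,
    so the example runs offline.  Constructed sample data, not a real lure."""
    rels = ['<?xml version="1.0" encoding="UTF-8"?>',
            f'<Relationships xmlns="{RELS_NS}">']
    for i, url in enumerate(links, start=1):
        rels.append(
            f'<Relationship Id="rId{i}" Type="{HYPERLINK_TYPE}" '
            f'Target="{url}" TargetMode="External"/>'
        )
    rels.append("</Relationships>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/_rels/document.xml.rels", "\n".join(rels))
    return buf.getvalue()


# Constructed sample: one shortened link, one direct link.
SAMPLE = build_sample_docx([
    "https://bit.ly/3xAmPl3",
    "https://www.example.mil/brief.pdf",
])

if __name__ == "__main__":
    for url in flag_shortened_links(SAMPLE):
        print("shortened link found:", url)
```

Run it against a real document with `flag_shortened_links(open("lure.docx", "rb").read())`. The scanner only reads relationship parts, so it does not cover links that a macro assembles at runtime; pair it with macro inspection for documents that carry VBA.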
