With the Heartbleed bug grabbing headlines around the world, attackers are leveraging the news for their own malicious tactics.
Researchers have uncovered a new attack campaign that lures users into downloading a supposed Heartbleed vulnerability detection tool that infects computers with malware.
Dubbed the HelloBridge backdoor trojan, the malware is able to execute commands from it’s command and control server that include downloading additional malicious files and exfiltrating data, according to a blog post by researchers at Dell SecureWorks Counter Threat Unit.
Samples of the trojan were first collected on April 9. At the time, SecureWorks’ VirusTotal analysis service indicated that only three out of 51 anti-virus (AV) vendors detected the malware. By April 17 up to 27 AV vendors detected it.
According to researchers, this is a recent threat tactic that has predominately been used in Southeast Asia.