Amaq, a media channel used by the Islamic State, was hacked and was distributing malware via a Flash Installer, according to a post on Motherboard.
Visitors to the site were being prompted to click on a phony Flash update, independent researcher Raphael Gluck, told Motherboard. Gluck provided Motherboard with a sample of the malicious trojan, “FlashPlayer_x86.exe,” widely known to anti-virus vendors.
Another threat researcher, Willis McDonald at Core Security, told the publication that the file was a dropper – that is, software that injects malware – for Bladabindi, aka NJRat. The malware, which has been known since 2013, is capable of stealing sensitive information and opens the infected device to further incursions.
McDonald speculated that since the generic malware has been widely used in a number of Middle Eastern campaigns, its intention might not have been to target ISIS, specifically.
Amaq has since moved onto another domain and visitors now are not presented with the popup, Motherboard reported.