Kaspersky shares new details about watering-hole attacks targeting mobile users in Southeast Asia

Earlier in March, Trend Micro published research on a watering hole campaign targeting users in Southeast Asia with powerful spyware called LightSpy. Following that research, Kaspersky's Global Research and Analysis Team shared some important additional details on this attack targeting mobile users through links on various forums and communications channels.

ANI | Washington DC | Updated: 27-03-2020 14:29 IST | Created: 27-03-2020 14:29 IST

Earlier in March, Trend Micro published research on a watering-hole campaign targeting users in Southeast Asia with powerful spyware called LightSpy. Following that research, Kaspersky's Global Research and Analysis Team shared some important additional details on this attack targeting mobile users through links on various forums and communications channels. In their research, published on Securelist.com, Kaspersky provides an analysis of:

- The surveillance framework's deployment timeline, starting from January 2020
- Previously unknown samples of the LightSpy Android implants
- Traces of implants targeting Windows, Mac and Linux based computers, along with Linux-based routers
- New indicators of compromise and some other details about the attack

What is known about the LightSpy attacks?

Actors behind the campaign distribute links to malicious websites that mimic legitimate sites likely to be frequented by potential victims. Once a target visits the weaponized website, a custom exploit chain attempts to execute shellcode, which leads to the deployment of the full malware on the victim's phone.

(Image: Landing page of the watering-hole site)

The malware successfully targets iPhones running iOS versions up to 12.2. Users running the latest version of iOS, 13.4, should be safe from these exploits. Users of Android-based devices are also in the crosshairs: researchers found several versions of the implant that target this platform. In addition, Kaspersky researchers identified indicators of malware targeting Mac, Linux and Windows-based computers, along with Linux-based routers. The research also found that the malware is spread through forum posts and replies, as well as on popular communications platforms, by posting links to the deployed landing pages. Once the website has been visited, the malware jailbreaks the victim's device, giving the attackers the ability to record calls and audio, read messages from certain messengers and more.

The information currently available does not make it possible to attribute the operation to any known advanced persistent threat (APT) actor, which is why Kaspersky has temporarily dubbed the attackers "TwoSail Junk". "We tracked this particular framework and infrastructure beginning in January this year. It is an interesting example of an agile approach to developing and deploying a surveillance framework in Southeast Asia. This innovative strategy is something we have seen before from SpringDragon, and LightSpy's targeting geolocation falls within the previous regional targeting of the SpringDragon/LotusBlossom/Billbug APT, as does the infrastructure and 'evora' backdoor use. Although the campaign peaked in February - that is when we saw the highest growth of links leading to the malicious site - it is still active and we continue monitoring it," comments Alexey Firsh, a security researcher at Kaspersky's Global Research and Analysis Team.

To avoid falling victim to waterholing and other targeted attacks such as this, Kaspersky recommends the following:

- Try to avoid suspicious links promising exclusive content, especially if they are shared on social media. Refer to official sources for trustworthy and legitimate information.
- Check the website's authenticity. Do not visit websites until you are sure that they are legitimate and start with 'https'. Confirm that the website is genuine by double-checking the format of the URL or the spelling of the company name, reading reviews about it and checking the domain's registration data.
- Choose a reliable security solution such as Kaspersky Security Cloud for effective personal protection against known and unknown threats.

(ANI)
