MiniDuke malware spies on governments
MANILA, Philippines - There's a new malicious program out in the wild, and researchers believe the program is being used to spy on government entities and institutions worldwide.
Kaspersky reports the program, called MiniDuke, is installed in computers through of a PDF exploit in Adobe Reader. Kaspersky's findings indicate computers were infected through social engineering, with malicious PDFs that appeared like relevant government information being set up with exploits to attack Adobe Reader 9, 10, and 11.
The exploit allows for installation of a 20kb downloader that encrypts its communications, then uses Twitter or Google Search without the user's knowledge, searching for tweets from pre-made accounts or the links that will that act as the controls for the program, which are downloaded and look like .gif files on the machine.
Once downloaded to the machine, the announcement adds the malware "can download a larger backdoor that carries out several basic actions, such as copy file, move file, remove file, make directory, kill process, and, of course, download and execute new malware."
Kaspersky notes the malware backdoor "connects to two servers, one in Panama and one in Turkey, to receive instructions from the attackers," with 59 unique victims in 23 countries, including the United States, Germany and the United Kingdom. - Rappler.com