FBI and US Department of Homeland security representatives are vigilantly supervising actions of Korean programmers from HIDDEN COBRA band that threat to hack millions of computers around the world.Recently specialists from these institutions reported that North Korea hackers invented new dangerous computer virus that they called ELECRTICFISH.
New malware code with the use of command line can secretly obtain all necessary permissions and settings for network traffic interception and its subsequent transfer on the remote computer. In this way, hackers not only see all actions of the infected computer owner, but also get access to all authorization data.
“The malware implements a custom protocol that allows traffic to be funneled between a source and a destination Internet Protocol (IP) address”, – Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI) warning says.
The malware’s primary purpose is to funnel traffic between two IP addresses.
“This type of connection, using a custom protocol instead of existing protocols like HTTP, is what we refer to as hidden tunnels and is used for command and control of remote systems, as well as for data exfiltration,”- said Chris Morales, head of security analytics at Vectra.
Experts in cybersecurity consider that this code is most dangerous for owners of business with corporate network with a variety of PC’s as in such system, even remote access to printers can become a loop for getting a virus on electronic devices.
“These malicious actors will especially use hidden tunnels in vertical markets where they are also used for approved business applications. Hidden tunnels are used by stock ticker applications commonly found in financial services firms and by cloud access service brokers (CASB) that organizations in multiple industries use”, — warn in DHS and FBI.
US specialists in cybersecurity revealed, that new virus spread on 32-bite executables for Windows, so, for prevention of infection with malware it is necessary to carefully check sources of downloading applications prior to installation. Researchers confirmed that all actions this malware performs secretly, so in case it invades the system its detection is unlikable.
Experts advise not to open doubtful emails and immediately install all released OS’s and antivirus updates.