Last month, security software provider CyberX discovered a large-scale malware campaign targeting a wide range of industries. The campaign, named Operation BugDrop, is described by CyberX as a “well-organized operation that employs sophisticated malware” to capture large amounts of sensitive organizational data.
The researchers said that the attacks have affected more than 70 organizations, most of them in Ukraine. The affected organizations so far include crude oil companies, human rights groups, scientific research centers and Ukrainian news outfits. However, the group did not say that the attacks are restricted to Ukrainian organizations, so organizations in other countries may be at risk as well.
The BugDrop malware
Operation BugDrop is said to involve a malware strain that can:
Capture user data
The malware allows hackers to capture sensitive user data on an infected device. It can switch on the device’s microphone so that hackers can record audio and eavesdrop on victims. It can take screenshots and log the user’s keystrokes, allowing hackers to obtain sensitive information such as usernames and passwords. It can also capture browser data and processing data. As with most malware, all of this takes place without the victim’s knowledge.
Exfiltrate data from Dropbox
Aside from the audio recordings, screenshots and keystrokes, which it stores on the device as files, the malware can also steal documents and other files from an infected device. It uses Dropbox as the channel for exfiltrating this data: because the traffic goes to a legitimate, widely used service, the transfers are easy to carry out and blend in with normal activity, which helps the malware avoid detection.
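The traffic pattern this produces can still be spotted. The following is an added example, not code from the original post or from CyberX: it sums upload volume to Dropbox domains per source host from a proxy log and flags hosts whose volume is far above the fleet median. The log lines and host names are constructed for the example.

```python
# Added example (not from the original post): flag hosts whose upload volume
# to Dropbox far exceeds the rest of the fleet, the pattern an exfiltration
# channel like the one described above would produce in a proxy log.
from collections import defaultdict
from statistics import median

# Constructed proxy log sample, fields: "timestamp src_host method dest_host bytes_out"
SAMPLE_LOG = """\
2017-02-01T09:00:01 ws-fin-01 POST content.dropboxapi.com 18432
2017-02-01T09:00:05 ws-hr-04 POST content.dropboxapi.com 20480
2017-02-01T09:01:10 ws-fin-01 POST content.dropboxapi.com 16384
2017-02-01T09:03:22 ws-eng-07 POST content.dropboxapi.com 734003200
2017-02-01T09:04:00 ws-eng-07 POST content.dropboxapi.com 805306368
2017-02-01T09:05:13 ws-hr-04 GET www.dropbox.com 512
2017-02-01T09:06:40 ws-eng-07 POST content.dropboxapi.com 629145600
2017-02-01T09:07:02 ws-ops-02 POST content.dropboxapi.com 24576
"""

# Domains used by the Dropbox web app and its API (subdomains are matched too).
DROPBOX_SUFFIXES = ("dropbox.com", "dropboxapi.com")

def is_dropbox(host):
    """True if host is a Dropbox domain or one of its subdomains."""
    return any(host == s or host.endswith("." + s) for s in DROPBOX_SUFFIXES)

def upload_bytes_per_host(log_text):
    """Sum bytes sent in POST requests to Dropbox domains, per source host."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines rather than abort the whole scan
        _ts, src, method, dest, nbytes = parts
        if method == "POST" and is_dropbox(dest):
            totals[src] += int(nbytes)
    return dict(totals)

def flag_outliers(totals, factor=10):
    """Return hosts whose Dropbox upload volume exceeds factor x the fleet median.
    The median is used as the baseline so one exfiltrating host cannot drag it up."""
    if len(totals) < 2:
        return []  # no fleet to compare against
    baseline = median(totals.values())
    return sorted(h for h, b in totals.items() if b > factor * baseline)

if __name__ == "__main__":
    print(flag_outliers(upload_bytes_per_host(SAMPLE_LOG)))  # prints ['ws-eng-07']
```

On a real proxy or firewall log, the same aggregation is usually done per day and compared against each host’s own history, not just the fleet median, since engineering or media teams may legitimately upload large files.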
Employ reflective DLL injection
The malware not only steals user data and files, it can also tamper with the programs running on the device. Through a technique called DLL injection, perpetrators force other running processes to load malicious dynamic-link library (DLL) files, which are files containing code that multiple programs can share, so that those programs behave in ways their authors never intended. In the reflective variant, the DLL is loaded directly from memory rather than through the normal Windows loader, so it never has to be written to disk as a file.
Encrypt DLLs to avoid detection
The malware encrypts the DLL files it uses for injection to avoid detection. DLL injection already lets perpetrators subtly alter the behavior of programs; encrypting the DLLs on top of that makes it harder for antivirus and other security software to recognize the malicious files.
Use free web hosting sites as C&C
The malware uses free web hosting sites for its Command and Control (C&C) servers. This allows the perpetrators to set up as many C&C servers as they need, which not only makes delivering code and issuing commands more efficient, but also makes the infrastructure harder to detect and take down. Having multiple C&C servers makes the operation more resilient, and therefore BugDrop more dangerous.
According to the researchers, more than 600 gigabytes of sensitive data have already been captured by the perpetrators so far. If you want to protect yourself from becoming infected, you need to improve the security of your device. One way to do this is by installing a malware protection VPN.
Hotspot Shield malware protection VPN
Hotspot Shield is a malware protection VPN for Windows, Android, OS X, iOS, Chrome and Firefox. It blocks websites and links that are known to host malware in order to prevent infections, using a malware database that is updated regularly. To learn more about the security features of this malware protection VPN, visit this page.
Don’t let Operation BugDrop steal your data. Download Hotspot Shield malware protection VPN now and enjoy safer and more enjoyable online sessions!
Get more online security, anonymity, and content access tips by reading our other blog posts!