Grabit - a malware released in February 2015 has been used to steal close to 10,000 user files, leaving many small businesses vulnerable to further acts of fraud.
Grabit is said to have been delivered as a simple Microsoft Office Word (.doc) email attachment. The attachment laid host to a malicious macro entitled 'AutoOpen'. On opening the file the user would inadvertenly open a socket over TCP and send a HTTP request to a remote server that had been hacked by the group to serve as a malware hub
The researchers were not able to identify the source country of the attackers but the majority of victims were in Thailand or India, with significant numbers also found in the US and the UAE.
Researchers were able to reveal that a keylogger from one of the attacker's command-and-control servers had stolen 2,887 passwords, 1,052 email messages, and 3,024 usernames from some 4,928 different host machines at the victim SMBs. Outlook, Facebook, Skype, Gmail, Pinterest, Yahoo, LinkedIn, Twitter, and online banking accounts were all compromised.
0 comments:
Post a Comment