Security researchers at Comodo Threat Research Labs, a cybersecurity solutions provider, recently spotted a new form of malware called Lebal that has targeted high-profile entities including government organizations, 23 private companies, and five universities. Comodo did not name these entities or specify their locations.
The researchers said the Lebal malware concealed its malicious payload in several layers. Instead of the usual deployment of malware as an email attachment, the malware developers built a complicated chain designed to bypass technical security controls, and it eventually managed to defeat normal human vigilance as well, said Comodo.
In a blog post, the Comodo analysts described how the attacker used a phishing email styled as a FedEx message, claiming that the courier could not deliver the recipient's package because it exceeded the free-delivery limit. The email then encouraged the user to collect the package in person at the nearest FedEx outlet and to click a download link to print the attachment supposedly required to receive the parcel.
The malicious download link is disguised as a Google Drive link, but when the user clicks it, it opens the attacker's website, where a file named "Lebal copy.exe" is offered for download.
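The lure described above has two machine-checkable tells: the visible link text claims a trusted domain (Google Drive) while the real destination is elsewhere, and the destination serves an executable directly. The following Python script is an added example for defenders, not code from Comodo or from the original article; it extracts the anchors from an email body and flags both conditions. The sample email body and the attacker hostname `attacker-host.invalid` are constructed placeholders, not indicators from the report.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample lure, modelled on the FedEx theme described in the article.
# The destination hostname is a hypothetical placeholder (.invalid is reserved).
SAMPLE_EMAIL_HTML = """
<p>Dear customer,</p>
<p>Your package could not be delivered because it exceeds the free-delivery
limit. Please print the attached label and collect it at your nearest office.</p>
<p><a href="http://attacker-host.invalid/dl/Lebal%20copy.exe">https://drive.google.com/file/d/shipping-label</a></p>
<p>Questions? Visit <a href="https://www.fedex.com/">www.fedex.com</a></p>
"""

# Matches domain-looking strings such as drive.google.com inside link text.
DOMAIN_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)


class LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    return (urlparse(url).hostname or "").lower()


def same_site(host, domain):
    # A host matches the claimed domain if it is that domain or a subdomain of it.
    return host == domain or host.endswith("." + domain)


def suspicious_links(html):
    """Return a list of findings for links whose text or target looks deceptive."""
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = host_of(href)
        # Tell 1: link text names a domain, but the href points somewhere else.
        for claimed in (d.lower() for d in DOMAIN_RE.findall(text)):
            if not same_site(host, claimed):
                findings.append({
                    "href": href,
                    "text": text,
                    "reason": f"link text claims {claimed} but target host is {host}",
                })
                break
        # Tell 2: the target is a bare executable download.
        if urlparse(href).path.lower().endswith(".exe"):
            findings.append({
                "href": href,
                "text": text,
                "reason": "link points directly at an .exe file",
            })
    return findings


if __name__ == "__main__":
    for finding in suspicious_links(SAMPLE_EMAIL_HTML):
        print(f"{finding['reason']}: {finding['href']}")
```

Run against the constructed sample, the Google Drive lookalike link produces two findings (domain mismatch and direct executable download) while the genuine fedex.com link produces none. In a mail gateway the same logic would apply to every anchor in an inbound HTML body, and the domain-mismatch check alone catches the "display text says one site, href says another" pattern regardless of which brand is being impersonated.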
“These tricks were able to deceive many users,” wrote Comodo. The team explains that once the malware is downloaded, it detects the OS version of the device and the apps running on it, after which it can steal the user’s private data, credentials, and cookies. Comodo claimed that the attack originated from an IP address located in Brazil.