North Korea Accused of Spreading Another Trojan
The US government has issued a warning about a new piece of malware used by North Korean hackers. A report by analysts from the Department of Homeland Security and the Federal Bureau of Investigation states that the malware, dubbed HOPLIGHT, was created by the hacker group Hidden Cobra and is a very powerful backdoor trojan. After infection, the malware collects information about the target device and sends the data to a remote server. The trojan can also receive instructions from its command and control (C&C) server and, as a result, perform certain operations on infected hosts. According to the report, HOPLIGHT is able to read, write and move files; create, start or stop services and embed code in them; change registry settings; connect to remote hosts; download files; and so on. The trojan also uses a built-in proxy application to disguise its interaction with the remote command and control server.
“The proxies have the ability to generate fake TLS handshake sessions using valid public SSL certificates, disguising network connections with remote malicious actors”, analysts write.
The report also mentions the availability of digital signatures for nine files. None of the files has been previously studied. The spread of HOPLIGHT can cause great damage across a wide range of areas, so do not neglect to strengthen your security systems to avoid undesirable effects.