PlugX RAT with Time Bomb abuses Dropbox in targeted attacks

  • 27 June 2014

By paganinip on June 27th, 2014
 

Trend Micro analyzed a targeted attack against a Taiwanese government entity which used a variant of the PlugX RAT that abuses the Dropbox service.

Researchers from Trend Micro discovered that a targeted attack against a government agency in Taiwan was conducted using a variant of the PlugX remote access tool (RAT) which abuses the popular file hosting service Dropbox. In recent years, security experts have discovered many malware-based attacks exploiting the popular PlugX; it is very cheap and friendly for attackers, who can easily arrange a malicious campaign, and the wide diffusion of the malicious agent makes attribution of responsibility hard.
 


 
Full Article
 
 

by Gabor Szappanos on June 30, 2014
 


 
We've covered the PlugX backdoor here on Naked Security several times in the past.
There were a few variations in the distribution and deployment of this backdoor, but the end result was always the same.
 
At the end of 2013, a new variation of the PlugX backdoor appeared on the scene. Our first encounter with it at SophosLabs was in a distribution campaign which focused on exploiting the popular Japanese word processor Ichitaro.
While looking into this, we saw a single sample that broke the usual scheme. This one didn't use a signed executable for cover, nor did it drop the payload into the infected system as a separate file.
 
Full Article
