Multi-platform spyware tracks users across Windows and Android
Researchers believe the spyware was delivered as part of a sophisticated campaign
While investigating an ongoing malware campaign, cybersecurity researchers have discovered new spyware with variants that work on both Android devices and Windows computers.
Named Chinotto, the malware was discovered by researchers at Kaspersky, who believe it is being used by a state-sponsored threat actor known as ScarCraft to keep tabs on North Korean defectors, journalists who cover North Korea-related news, and others.
“The actor utilized three types of malware with similar functionalities: versions implemented in PowerShell, Windows executables and Android applications….Therefore, the malware operators can control the whole malware family through one set of command and control scripts,” note the researchers.
We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.
The investigations revealed that the threat actor distributed the malware through a spear-phishing attack, which they perpetrated after compromising acquaintances of the victim using stolen social media or email credentials.
Potent spy
The investigations revealed that, while the current campaign began some time in March 2021, there were several older variants of the malware dating back to mid-2020.
After compromising a host, the threat actors unleashed multiple malware strains to gain control over the host. Interestingly, in one instance, they waited a good six months after compromising a host before deploying Chinotto.
Based on their analysis of Chinotto, the researchers believe that it not only enables attackers to spy on their victims via screenshots, but can also give them the ability to control the compromised devices, open a backdoor to exfiltrate data, and install additional malware.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Furthermore, the investigation revealed that the attackers fiddle around with the capabilities of the malware in what appears to be an attempt to thwart traditional signature-based detection.
- Shield yourself online with these best identity theft protection services, and ensure your computers are protected with these best endpoint protection tools
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.