This advanced new malware strain leaves you practically defenceless

Hacker
Image Credit: Geralt / Pixabay (Image credit: Image Credit: Geralt / Pixabay)

An extremely potent malware, delivered in a way that’s immune to most cybersecurity measures, was discovered infecting high-profile Chinese individuals. 

Cybersecurity researchers from Kaspersky have discovered malware they call WinDealer, distributed and used by a Chinese Advanced Persistent Threat (APT) actor called LuoYu. WinDealer, the researchers say, is capable of collecting “an impressive amount” of information. It can view and download any files stored on the device, as well as run a keyword search on all the documents.

To deliver the malware to the target endpoint, the attackers perform a man-on-the-side attack, essentially hijacking in-transit network traffic.

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022end of this survey

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.

Racing with the server

When the victim tries to access a certain resource on the internet (for example, open their LinkedIn account), they need to send a request to the server, to open the page. This request is the type of traffic that the attackers can intercept and read, and then try to deliver malicious content before the server responds with the legitimate site.

Kaspersky describes the method as a “race” with the legitimate server, the only difference being - the attacker has as many attempts to deliver malicious content as they want. In order to successfully infect a target endpoint, the attacker needs no interaction with the victim, whatsoever.

Targets are mostly high-profile organizations and individuals in China, the researchers further claim. Foreign diplomatic organizations established in China, members of the academic community, defense, logistics, and telecommunications companies, are all listed as potential targets. Besides China, Kaspersky researchers have also mentioned targets in Germany, Austria, the US, the Czech Republic, Russia, and India.

All of the targets are using Windows as their operating system of choice.

Besides being difficult to spot, the malware is also difficult to block. Usually, this type of malware contacts a command & control (C2) server for instructions, and simply blocking the IP address of the server would be enough to neutralize the threat. WinDealer, on the other hand, relies on a complex algorithm that generates IP addresses (48,000, Kaspersky says), making blocking impossible. 

The only way to defend against such an attack is to route the traffic through another network, for example with a VPN. However, having a VPN in China is easier said than done. 

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
A computer being guarded by cybersecurity.
Huge cyberattack found hitting vulnerable Microsoft-signed legacy drivers to get past security
China
Chinese hackers develop effective new hacking technique to go after business networks
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
China-linked cyberespionage group PlushDaemon used South Korean VPN service to inject malware
A group of 7 hackers, 6 slightly blurred in the background and one in the foreground, all wearing black with hoods pulled up over their heads. You cannot see their faces. The hacker in the foreground sits with an open laptop in front of them. The background, behind the hackers, is a Chinese flag
China government-linked hackers caught running a seriously dangerous ransomware scam
An American flag flying outside the US Capitol building against a blue sky
US military and defense contractors hit with Infostealer malware
A digital representation of a lock
Security experts are being targeted with fake malware discoveries
Latest in Security
Data Breach
Thousands of healthcare records exposed online, including private patient information
China
Juniper patches security flaws which could have let hackers take over your router
Representational image depecting cybersecurity protection
GitLab has patched a host of worrying security issues
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
AI agents can be hijacked to write and send phishing attacks
China
Volt Typhoon threat group had access to American utility networks for the best part of a year
Abstract image of cyber security in action.
MassJacker malware targets those looking for pirated software
Latest in News
A super close up image of the Google Gemini app in the Play Store
It's official: Google Assistant will be retired for phones this year, with Gemini taking over
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 16 (game #1147)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Sunday, March 16 (game #378)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Sunday, March 16 (game #644)
Three iPhone 16 handsets on show
Apple could launch an iPhone 17 Ultra this year – but we've heard these rumors before
Super Mario Odyssey
ChatGPT is the ultimate gaming tool - here's 4 ways you can use AI to help with your next playthrough