F-Secure Identifies CosmicDuke as the New Menace to the Digital Life

CR Team | Monday, 07 July 2014, 07:15 IST

New Delhi: The backdoor named ‘MiniDuke’ which was identified as a malicious threat by F-Secure (OMX: FSC1V) in 2013 has now been discovered in a chain of attacks against NATO and European government agencies. During the MiniDuke analysis and compilation timestamps, it was also found that Cosmu family of information-stealers was using the same loader as MiniDuke Stage 3 and it was also spotted as the original user of common shared loader.

F-Secure which started its journey as Data Fellows in 1988, renamed itself as F-Secure in 1999.  The Finland based brand is an anti-virus, cloud content and computer security company and has a current market cap of $447.04 million. As per the company’s report Cosmu family is claimed to be the first one to share codes with MiniDuke and it had shaped out a pesticide named CosmicDuke by incorporating MiniDuke-derived loader and Cosmu-derived payload.  The leading anti-virus vendor also spotted that the file names in CosmicDuke has references to the countries of Ukraine, Poland, Turkey, and Russia.

The CosmicDuke is backed up with keylogger, clipboard stealer, screenshotter, password stealers and other malicious programs which enable an easier mode of collecting the information from chats, e-mails and web browsing programs. CosmicDuke can also export cryptographic certificates and the associated private keys. The gathered information is sent to other remote servers through FTP and there is also a possibility of downloading and executing other malware on the system.

CIOTechOutlook TV