this post was submitted on 16 Jun 2024

A newly discovered Linux malware dubbed 'DISGOMOJI' uses the novel approach of utilizing emojis to execute commands on infected devices in attacks on government agencies in India.

[–] [email protected] 30 points 7 months ago

OP didn't bother to write it, so I will. The infection vector is an executable distributed through mail, targeting computers of the Indian government.

According to Volexity, the malware was discovered after the researchers spotted a UPX-packed ELF executable in a ZIP archive, likely distributed through phishing emails. Volexity believes that the malware targets a custom Linux distribution named BOSS that Indian government agencies use as their desktop.

When executed, the malware will download and display a PDF lure that is a beneficiary form from India's Defence Service Officer Provident Fund in case of an officer's death.

However, additional payloads will be downloaded in the background, including the DISGOMOJI malware and a shell script named 'uevent_seqnum.sh' that is used to search for USB drives and steal data from them.

When DISGOMOJI is launched, the malware will exfiltrate system information from the machine, including IP address, username, hostname, operating system, and the current working directory, which is sent back to the attackers.

To control the malware, the threat actors utilize the open-source command and control project discord-c2, which uses Discord and emojis to communicate with infected devices and execute commands.

The malware will connect to an attacker-controlled Discord server and wait for the threat actors to type emojis into the channel.
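As an added example (not from the post or from Volexity's report), the following Python triage script checks a ZIP attachment for the two traits described above: an ELF member that carries the UPX packer marker, and a dropped shell script with the reported name `uevent_seqnum.sh`. The archive contents are constructed in memory; the ELF stub and script are placeholders, not the real samples.

```python
# Added example: triage a ZIP archive for a UPX-packed ELF member and a dropped
# script name, as described in the post. All sample data below is constructed.
import io
import zipfile

ELF_MAGIC = b"\x7fELF"              # magic bytes at the start of every ELF file
UPX_MARKER = b"UPX!"                # marker UPX writes into packed binaries
SUSPECT_NAMES = {"uevent_seqnum.sh"}  # dropped-script name reported in the post


def triage_zip(zip_bytes: bytes) -> list:
    """Return (member name, reason) findings for the members of a ZIP archive."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info.filename)
            if data.startswith(ELF_MAGIC):
                reason = "ELF executable"
                if UPX_MARKER in data:
                    reason += " (UPX-packed)"
                findings.append((info.filename, reason))
            # compare only the base name, so nested paths still match
            if info.filename.rsplit("/", 1)[-1] in SUSPECT_NAMES:
                findings.append((info.filename, "known dropped-script name"))
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample: a placeholder PDF, a fake UPX-marked ELF stub, and a script."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("form.pdf", b"%PDF-1.4 placeholder lure document")
        zf.writestr("form", ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 32
                    + UPX_MARKER + b"\x00" * 16)
        zf.writestr("uevent_seqnum.sh", b"#!/bin/sh\n# placeholder script body\n")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in triage_zip(build_sample_zip()):
        print(f"{name}: {reason}")
```

A real triage would go on to hash the flagged members and submit them to sandboxing; the ELF and UPX markers alone only tell you what deserves a closer look.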