Hackers deliver Kelihos to users sympathetic to Russian ‘cause’

Playing off of the conflict in Ukraine, Russian hackers are installing malware on victims’ machines via links found in spam messages purporting to support the Russian cause, researchers at Bitdefender Labs reported in a Tuesday blog post.

Believing that they are taking a stand against the U.S. and Western governments by downloading software, users who click on the malicious links instead receive a trojan and unwittingly join the Kelihos botnet — discovered four years ago and also known as Hlux — that further spreads malware that can steal their data.

According to Bitdefender, the trojan drops three clean files — npf_sys, packet_dll and wpcap_dll — that are used to monitor traffic.

Once it has infected a user’s computer, Kelihos demonstrates a versatile array of capabilities, including communicating with infected computers, stealing bitcoin wallets and sending spam emails.

Read the Full Article: Source – SC Magazine
