Java ‘Icefog’ Malware Variant Infects U.S. Businesses
Beware Java-based malware that’s been used to exploit at least three US-based organizations.
That warning of a new advanced persistent threat (APT) attack campaign came via Kaspersky Lab, which said that it’s traced a malicious Java archive (a.k.a. JAR) file to eight infected systems inside three US-based organizations, which it declined to name. “Based on the IP address, one of the victims was identified as a very large American independent oil and gas corporation, with operations in many other countries,” Kaspersky Lab researchers Costin Raiu, Vitaly Kamluk, and Igor Soumenkov said in a joint blog post Tuesday. “As of today, all victims have been notified about the infections. Two of the victims have removed it already.”
The attacks have been tied to the Icefog APT attack campaign, which historically has used Windows Preinstallation Environment files to infect targets.
What’s unusual about the latest attacks is that the “Javafog” malware used by attackers was, as the name implies, written in Java. Furthermore, it includes only basic functionality, such as the ability to upload files to a designated server, as well as change the command-and-control (CC) server to which it reports. “The backdoor doesn’t do much else,” according to Kaspersky Lab. “It allows the attackers to control the infected system and download files from it. Simple, yet very effective.”
Read the full article here.
Have a comment on this story? Please click “Discuss” below. If you’d like to contact Dark Reading’s editors directly, send us a message.