Stolen PC locator plays double agent, say researchers
LoJack for Laptops, a software tool designed to rat on computer thieves, appears to be serving a double purpose – by seemingly working with a Russian state-sponsored hacking team.
The application allows administrators to remotely lock and locate, and remove files from, stolen personal computers. It's primarily aimed at corporate IT types who want to protect stuff that gets nicked, but anyone can use it, and it is installed by default on various notebooks.
Just recently, several LoJack executables were found to be unexpectedly communicating with servers that are suspected to be under the control of Fancy Bear, a hacking group associated with Russia's GRU military intelligence agency.
In a report published on Tuesday, security researchers at Netscout's Arbor Networks said they have found five LoJack agents (rpcnetp.exe) that point to four suspicious command-and-control domains, three of which have been associated with Fancy Bear in the past. It is feared someone has secretly backdoored certain copies of LoJack so that it acts as remote-controlled spyware for the Kremlin.
"Our analysis has revealed a small number of modified agents," said Hardik Modi, director of Arbor's Security Engineering & Response Team (ASERT), in an email to The Register. "This is consistent with a targeted operation. We're cooperating with numerous parties on this matter."