Hospital info thief malware puts itself into a coma to avoid IT bods

tim one

Jul 31, 2014
Software nasty also uses steganography to inject poison payload

A Trojan targeting US healthcare organizations attempts to avoid detection by going to sleep for prolonged periods after initial infection, security researchers warn.

Symantec estimates that thousands of organizations have been hit by the Gatak Trojan since 2012. The malware is programmed to spread aggressively across an organization’s network once it gets a foothold.

The healthcare sector in particular has been disproportionately targeted – of the top 20 most affected organizations with the highest number of infected computers, 40 per cent were in the healthcare sector, Symantec reports.

Selling healthcare records is a growing trade on cybercrime forums. This could explain the attackers’ heavy focus on the healthcare sector.

Gatak reels in victims through websites promising product licensing keys for pirated enterprise software packages (backup, 3D scanning software, etc). These supposed software license key generators (keygens) actually come packed with malicious code.

The software nasty also spreads to a lesser extent using watering hole attacks (where the instigator infects websites that members of the group are known to visit).

The malware creates a backdoor on compromised machines before stealing information. Hackers are known for leveraging the malware to break into machines on associated networks, probably using weak passwords and poor security in file shares and network drives.

“In some cases, the attackers have infected computers with other malware, including various ransomware variants and the Shylock financial Trojan,” Symantec reports. “In the case of Shylock, these appear to be older versions of the threat and might even be 'false flag' infections.

“They may be used by the group when they believe their attack has been uncovered, in order to throw investigators off the scent,” it adds.

The malware downloads instructions from pre-programmed URLs. These instructions are hidden in image files using steganography, a technique for concealing data inside otherwise ordinary-looking files so that the download resembles a routine image fetch.
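The article states only that Gatak's instructions arrive hidden in images; it gives no detail of the encoding. The script below is an added example, not code from the article, from Symantec or from the malware: it shows the kind of cheap triage heuristic an analyst can run over an 8-bit grayscale image to judge whether its least-significant-bit (LSB) plane looks like it carries foreign data. The image, the `seed`, and the `threshold` are constructed for the demonstration; the "payload" is random filler bits, not a real message.

```python
# Added example (not from the article or Symantec): a simple triage
# heuristic for spotting LSB steganography in an 8-bit grayscale image.
# The image is constructed inline so the script runs offline.
import random

WIDTH = 64
HEIGHT = 64


def constructed_clean_image():
    """Stand-in for an untouched image: a slow diagonal gradient, so most
    neighbouring pixels share a value and therefore share an LSB."""
    return [100 + (x + y) // 6 for y in range(HEIGHT) for x in range(WIDTH)]


def simulate_lsb_overwrite(pixels, seed):
    """Overwrite every pixel's least significant bit with pseudo-random bits.
    This mimics what a compressed or encrypted payload does to the LSB plane;
    the bits here are random filler, not a real payload."""
    rng = random.Random(seed)
    return [(p & 0xFE) | rng.getrandbits(1) for p in pixels]


def lsb_neighbour_agreement(pixels):
    """Fraction of consecutive pixel pairs whose LSBs are equal.
    Flat regions in natural images push this well above 0.5; a bit plane
    carrying random-looking data sits close to 0.5."""
    bits = [p & 1 for p in pixels]
    same = sum(1 for a, b in zip(bits, bits[1:]) if a == b)
    return same / (len(bits) - 1)


def looks_like_lsb_payload(pixels, threshold=0.6):
    """Flag the image when the LSB plane has lost its spatial structure.
    The threshold is an assumption chosen for this constructed image."""
    return lsb_neighbour_agreement(pixels) < threshold


if __name__ == "__main__":
    clean = constructed_clean_image()
    suspect = simulate_lsb_overwrite(clean, seed=7)
    for name, img in (("clean", clean), ("lsb-overwritten", suspect)):
        print(f"{name}: agreement={lsb_neighbour_agreement(img):.3f} "
              f"flag={looks_like_lsb_payload(img)}")
```

The heuristic is deliberately crude: a noisy or heavily textured cover image also has LSB agreement near 0.5, so it produces false positives on real-world material, and production tooling relies on stronger statistics (sample-pair or RS analysis) or on comparing the file against a known-good copy. For the behaviour the article describes, the more reliable control is outside the image entirely: monitoring which hosts repeatedly fetch image files from a fixed, unusual set of URLs.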