A newly discovered Linux malware dubbed 'DISGOMOJI' uses the novel approach of utilizing emojis to execute commands on infected devices in attacks on government agencies in India.
The malware was discovered by cybersecurity firm Volexity, which believes it is linked to a Pakistan-based threat actor known as 'UTA0137.'
"In 2024, Volexity identified a cyber-espionage campaign undertaken by a suspected Pakistan-based threat actor that Volexity currently tracks under the alias UTA0137," explains Volexity.
"Volexity assesses with high confidence that UTA0137 has espionage-related objectives and a remit to target government entities in India. Based on Volexity's analysis, UTA0137's campaigns appear to have been successful," continued the researchers.
The malware is similar to many other backdoors/botnets used in different attacks, allowing threat actors to execute commands, take screenshots, steal files, deploy additional payloads, and search for files.
However, its use of Discord and emojis as a command and control (C2) platform makes the malware stand out from others and could allow it to bypass security software that looks for text-based commands.
![[correlate]](/data/avatars/s/79/79653.jpg?1556985072){kind=avatar}
