The Russian hacking group known as 'Nodaria' (UAC-0056) is using a new information-stealing malware called 'Graphiron' to steal data from Ukrainian organizations.
The Go-based malware can harvest a wide range of information, including account credentials, system, and app data. The malware will also capture screenshots and exfiltrate files from compromised machines.
Symantec's threat research team discovered that Nodaria has been using Graphiron in attacks since at least October 2022 through mid-January 2023.
Stealing sensitive information
Graphiron consists of a downloader and a secondary information-stealing payload.
When launched, the downloader will check for various security software and malware analysis tools, and if none are detected, download the information-stealing component.
Some of the processes the downloader checks for include BurpSuite, Charles, Fiddler, rpcapd, smsniff, Wireshark, x96dbg, ollydbg, and idag.
The malware uses names such as OfficeTemplate.exe and MicrosoftOfficeDashboard.exe to masquerade as a Microsoft Office component on the breached system.
Its capabilities include the following:
...
...
...