Windows PC spy nasty dormant for three years, mutates and resurfaces

Solarquest

BigBoss and SillyGoose based on MM Core backdoor
Two new variants of some Windows spyware first discovered in 2013 have surfaced in targeted attacks, security firm Forcepoint warns.

The new nasties – BigBoss and SillyGoose – are based on the three-year-old MM Core backdoor. MM Core spawned a spin-off named "StrangeLove" shortly after its discovery before mysteriously becoming dormant for years.

Carl Leonard, principal security analyst at Forcepoint, said: "We've found that although MM Core's version has incremented twice, the core backdoor remains almost the same with the exception of new file and mutex names – showing that these malicious actors have been cunningly updating the malware just enough to keep their operation under the radar."

SillyGoose has been flung against organisations in the United States and Africa. The original MM Core was limited to attacks against Middle Eastern and Central Asian countries, with a particular focus on news and media, government defence, oil and gas manufacturing, and telecommunications industries.

More details of the malware can be found in a blog post here.
 
