A NEW TRUVA HORSE HAS BEEN DETERMINED IN POPULAR APPLICATIONS AS WHATSAPP AND CCLEANER.
Bitdefender Antivirus protects more than 500 million users worldwide, a recently discovered strongpity'n hacker group that victims have been targeted in Turkey and Syria. Using the "watering hole" attack technique, the hacker group easily logs on users ' computers trying to install software such as WhatsApp, Ccleaner, Recuva and TeamViewer, and collects and sends files to the infected computer.
BitDefender antivirus researchers have recently found strongpity'n group of victims in Turkey and Syria that target. Using "watering hole" tactics to infect victims and implement a three-layer C&C infrastructure to prevent judicial investigations, the APT group can turn archives, file recovery applications, remote connection applications, utilities, and even security software into Trojans.
Gathering and Exporting Files to Computers Infected
According to Bitdefender Antivirus, the first known attacks on StrongPity took place in October 2016. In these attacks on Italy and Belgium, the "watering hole" tactics were again tried, and infected versions of software such as WinRAR and TrueCrypt were used to take over the systems. In this attack method, a "watering hole" attack occurs while users download software from the official website or access the systems via HTTP forwarding. The same method has also been followed by attacks on Turkey and Syria. Users who try to install software such as WhatsApp, CCleaner, Recuva and TeamViewer can easily log in to their computers. It collects and sends the files on the infected computer.
Interestingly, all the files investigated seem to have been compiled from Monday to Friday from 9 to 6 working hours. This supports the idea that StrongPity can be a full-time sponsored software company to run various projects.
Users in target groups in Syria and Turkey
Hackers who access systems have even set up a search device to find certain files, especially MS Office documents. After the stolen files are converted to a ZIP file, they are converted to many small encrypted files with the.sft extension and sent to the C&C server. Then the disk is completely erased and all traces are removed. The group 's goal is currently in Turkey and Syria, although Colombia, India , Canada and Vietnam have previously organized several attacks on Firefox, vpnpro, driverpack and 5kplayer.
It even checks if there is Bitdefender Antivirus on the computer thanks to the fake Firefox software it uses.
The data collected by Bitdefender Antivirus researchers while examining this group show that the attackers have settled in the geopolitical context of the constant conflicts, especially in Syria. The attacks, Turkey's Peace Fountain of his time in Syria coincided with Operation.
For more details on the attack of the StrongPity hacker group, you can check out the white paper below.