By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy

TV show and movie fans are being targeted by a malicious campaign that distributes a GoBot2 backdoor variant via files downloaded from several South Korean and Chinese torrent sites. The malware dubbed GoBotKR by the ESET researchers who discovered it is being disseminated as part of a campaign started back in May 2018, with hundreds of samples having already been detected on the compromised computers of users from South Korea, China, and Taiwan. GoBotKR has been developed to specifically target South Korean fans and this is shown by the South Korea-specific evasion techniques added to the original GoBot2 backdoor. The GoLang-based GoBotKR backdoor is built by customizing the GoBot2 malware publicly available since March 2017 and the features added using GoLang libraries get executed on compromised computers with the help of legitimate Windows binaries and "third-party utilities such as BitTorrent and uTorrent clients." After infecting a victim's PC, the backdoor allows its operators to add the compromised machine to "a network of bots that can then be used to perform DDoS attacks of various kinds (e.g. SYN Flood, UDP Flood, or Slowloris)." To do that it starts by gathering and exfiltrating system information (e.g., network and OS version info, CPU and GPU versions, and installed anti-malware solutions) to its command-and-control (C2) servers, making it possible for the attackers to cherry-pick which of the bots can be used in future attacks, among a huge list of other capabilities from executing commands and scripts to running proxy/HTTP servers. For more visit OUR FORUM.

 

GTranslate