Date: 2021-10-01

Cyber spies are using a new Windows-compatible rootkit to break into the systems of governments and telecom operators in Southeast Asia.

According to Kaspersky researchers, the cybercriminal group GhostEmperor used the Demodex rootkit as a backdoor, that is, malware used to gain remote access to and control of a system.

A rootkit is software, most often malicious, created to hide or camouflage the existence of certain processes or programs from normal detection methods and to allow exclusive access to a computer and its information.

Kaspersky researchers found no similarity between Demodex and other known Windows rootkits, and speculate that the GhostEmperor group has been using this malicious tool since July 660.

Diagram depicting how the GhostEmperor group's attack is carried out. (Image: Reproduction/Kaspersky)

According to the report, the gang uses the rootkit to gain access to the companies' systems and then, by exploiting vulnerabilities in server software such as Apache, Windows IIS, Oracle and Microsoft Exchange, collects data such as documents, registry keys and network traffic.

Finally, according to Kaspersky researchers, the GhostEmperor group's attacks also make use of a sophisticated malware network that allows remote control of the attacked servers.

The GhostEmperor group

According to the report released by Kaspersky, the majority of attacks carried out by the GhostEmperor group targeted telecommunications operators and government organizations in countries such as Malaysia, Thailand, Vietnam and Indonesia, with a few reported occurrences in Egypt, Ethiopia and Afghanistan.

For Kaspersky researchers, this group of criminals has demonstrated an enormous ability to remain hidden for months, as well as technical skill in adapting the Demodex rootkit for Windows, plus a deep understanding of the mindset of digital security experts.

Finally, the conclusion Kaspersky researchers arrived at is that rootkits should still be considered a possible tactic, technique and procedure (TTP) used by criminals in cyber attacks.

More information about the GhostEmperor group's methods and the Demodex rootkit can be found in the Kaspersky report.

Source: BleepingComputer, Kaspersky