Blackgear Cyber Espionage Campaign Abuses Blogs, Social Media Posts

Blackgear is a previously documented cyber espionage campaign that dates back to 2008. It is known to target organizations in Japan, South Korea and Taiwan, primarily public sector agencies and high-tech companies.

According to Trend Micro reports from 2016, the campaigns were aimed at Japanese organizations, where various malware tools were deployed, such as the Elirks backdoor. The continuous attacks and persistence of the Blackgear campaigns indicate that the operators are well-organized and have developed their own tools, which are periodically updated and “fine-tuned”, as noted in a recent cybersecurity report.

Blackgear Malicious Characteristics

“A notable characteristic of Blackgear is the degree to which its attacks are taken to evade detection, abusing blogging, microblogging, and social media services to hide its command-and-control (C&C) configuration,” Trend Micro said. This technique, which differs from the usual practice of embedding the command-and-control details within the malware itself, lets the operators change their C&C servers quickly whenever needed, and so keep their campaigns running for as long as they wish.

Apparently, Blackgear has been using the Marade downloader together with a version of Protux in its latest operations. While analyzing these samples, the researchers found their encrypted configurations in blog and social media posts, which may indicate that both tools were crafted by the same group.

To better understand the workings of the most recent Blackgear attacks, researchers correlated the tools and practices the attackers used against their targets. Here is how the Blackgear attack chain unfolds:

  • The attackers use a decoy document or fake installer file, which is spread via spam email to trick a potential victim into (Read more...)

*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum | authored by Milena Dimitrova. Read the original post at: