Published On: Fri, Jul 4th, 2014

Malignant PDF files threat for security: F-Secure report


F-Secure, known as a global security leader, has discovered a series of attacks against NATO and European government agencies. F-Secure Labs' analysis of the backdoor called 'MiniDuke' found that another malware from the same family was using the same loader as MiniDuke stage 3. That malware belongs to the Cosmu family and originally used the common shared loader. The findings further highlight that the loader was updated at a particular time and that both malware families used the updated loader. Because Cosmu shared code with MiniDuke, it was decided to name the samples showing this amalgamation of a MiniDuke-derived loader and a Cosmu-derived payload CosmicDuke.

According to F-Secure's findings, CosmicDuke infections start by misleading targets into opening either a PDF file that contains an exploit or a Windows executable whose file name has been changed to give the impression of a document or image file. The moment the target opens the file, the malware gains control of the system and starts collecting valuable information. Its components include a keylogger, a clipboard stealer, a screenshotter and password stealers for e-mail and web browsing programs. Along with this, it also collects information present on the system and exports cryptographic certificates and private keys.
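A triage check for the second lure described above, a Windows executable named to look like a document or image, as an added example that is not from the article or from F-Secure. The article does not say how the file names were disguised, so the patterns checked here (document extension on PE content, double extension, whitespace padding, bidirectional control characters) and the sample names are assumptions.

```python
import os

# Extension sets and disguise patterns below are assumptions for illustration.
DOC_EXTS = {".pdf", ".doc", ".docx", ".rtf", ".jpg", ".jpeg", ".png", ".gif"}
EXE_EXTS = {".exe", ".scr", ".com", ".pif"}
BIDI_CONTROLS = set("\u202a\u202b\u202d\u202e\u2066\u2067\u2068")


def masquerade_reasons(filename, head):
    """Return reasons why a file looks like an executable posing as a document."""
    reasons = []
    stem, last_ext = os.path.splitext(filename.strip().lower())
    inner_ext = os.path.splitext(stem.rstrip())[1]

    # Windows PE files start with the DOS header magic "MZ".
    if head[:2] == b"MZ" and last_ext in DOC_EXTS:
        reasons.append("pe-content-with-document-extension")
    if last_ext in EXE_EXTS and inner_ext in DOC_EXTS:
        reasons.append("document-extension-before-executable-extension")
    if last_ext in EXE_EXTS and stem != stem.rstrip():
        reasons.append("whitespace-padding-before-extension")
    if BIDI_CONTROLS & set(filename):
        reasons.append("bidi-control-character-in-name")
    return reasons


# Constructed samples: (attachment name, first bytes of the file).
SAMPLES = [
    ("agenda.pdf", b"%PDF-1.4\n"),
    ("setup.exe", b"MZ\x90\x00"),
    ("agenda.pdf.exe", b"MZ\x90\x00"),
    ("photo.jpg          .scr", b"MZ\x90\x00"),
    ("minutes.pdf", b"MZ\x90\x00"),
    ("invoice\u202efdp.exe", b"MZ\x90\x00"),
]


def scan(samples):
    """Map each flagged sample name to its list of reasons."""
    flagged = {}
    for name, head in samples:
        reasons = masquerade_reasons(name, head)
        if reasons:
            flagged[name] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in scan(SAMPLES).items():
        print(repr(name), reasons)
```

A mail gateway or endpoint agent would feed the function the attachment name and the first bytes read from the file rather than the embedded samples.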

After this, the collected data is sent to remote servers through FTP. Along with stealing valuable information from the infected system, CosmicDuke further enables the attacker to download and execute other malicious files on the system. It was also observed that CosmicDuke's attack files contained references from Ukraine, Poland, Turkey and Russia.

About the Author

Heena Gupta

- A reader at heart, this girl loves to express through writing. Her ears perk up as soon as she senses any tech molecule in the air. With the ability to use and navigate typical technologies she becomes a complete tech enthusiast. This post graduate in Mass Communication lives in the world of gadgets. Fiction, history and cartoons keep her busy in the free time. Her urge to grow mixed with excellent writing skills forces us to have her as a part of our workforce.
