A report published by Kaspersky Lab and Cryptography and System Security (CrySyS) says that attackers targeted dozens of government-owned computers in Ireland, Portugal, the Czech Republic and Romania with a piece of malware known as MiniDuke.
About a week earlier, FireEye had announced a new threat under the name “Adobe Reader 0-day”. Since this malware appeared, some unusual attacks have been observed on the internet. In response, these leading security labs have identified several significant aspects of the malware, which include the following:
First and foremost, the malware is still circulating on the internet. According to the researchers, it was professionally and carefully planned by its programmers. The victims were left with no clue that they had been trapped by the cyber criminals. The attackers chose PDF files as the vehicle for spreading the malware; most interestingly, the PDFs contained highly mature content, with no spammy material that might have given the victim an idea of what was going on.
Once the PDF file has exploited the system, a small downloader is secretly installed. This downloader is tiny, about 20 KB, and is designed to derive a unique fingerprint of the system through a series of mathematical calculations. That data is later used to encrypt the malware's communications. If everything goes well, the next part of the operation begins: the malware opens Twitter and reads specific accounts created by MiniDuke's command-and-control operators, looking for tweets with tags that contain malicious URLs. These URLs allow additional data to be transferred to the system via GIF files.
After a complete analysis of the malware, the researchers found that its design is very flexible. It does not strictly require Twitter, or even the Twitter accounts, to work properly; the same lookup can be performed through Google search, meaning it can fall back on two different web services to carry out its functions.
The malware becomes fully operational once the GIF files have been installed on the system. Through them it gains full control over the system and can carry out the actions it was designed for, up to completely destroying the victim's system. This is possible because the malware connects to two of its servers, in Panama and Turkey, which allows the attackers to control the system manually.
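As an added illustration (not code from the report or this article), here is a defender-side check for the GIF carrier described in the two paragraphs above: it walks the GIF block structure and returns whatever bytes follow the trailer, which no image viewer ever renders. It assumes the extra data is appended after the trailer byte, since the article does not say how the data was embedded; the sample GIF and the payload are constructed here.

```python
import struct

# Constructed sample: a minimal 1x1 GIF89a (header, screen descriptor, 2-entry
# colour table, one image block, trailer) and a constructed dummy payload.
CLEAN_GIF = (b"GIF89a" + b"\x01\x00\x01\x00\x80\x00\x00" + b"\x00\x00\x00\xff\xff\xff"
             + b"\x2c\x00\x00\x00\x00\x01\x00\x01\x00\x00" + b"\x02\x02\x44\x01\x00" + b"\x3b")
PAYLOAD = b"CONSTRUCTED-PAYLOAD-NOT-A-REAL-SAMPLE"

def _skip_subblocks(buf, pos):
    """Advance past a chain of length-prefixed sub-blocks ending in a zero-length block."""
    while True:
        n = buf[pos]
        pos += 1
        if n == 0:
            return pos
        pos += n

def gif_trailing_data(buf):
    """Walk the GIF block structure and return every byte after the trailer (0x3B).
    A well-formed GIF ends at the trailer, so anything after it is cargo the image
    viewer never renders; an empty result means the file is clean by this test."""
    if buf[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF file")
    flags = struct.unpack_from("<HHB", buf, 6)[2]
    pos = 13  # 6-byte header + 7-byte logical screen descriptor
    if flags & 0x80:  # global colour table present: 2^(n+1) entries of 3 bytes
        pos += 3 * (2 << (flags & 0x07))
    while pos < len(buf):
        block = buf[pos]
        pos += 1
        if block == 0x3B:  # trailer: the image ends here
            return buf[pos:]
        if block == 0x2C:  # image descriptor: 9 bytes, optional local table, LZW data
            lflags = buf[pos + 8]
            pos += 9
            if lflags & 0x80:
                pos += 3 * (2 << (lflags & 0x07))
            pos += 1  # LZW minimum code size
            pos = _skip_subblocks(buf, pos)
        elif block == 0x21:  # extension: one label byte, then sub-blocks
            pos = _skip_subblocks(buf, pos + 1)
        else:
            raise ValueError("unknown block 0x%02x at offset %d" % (block, pos - 1))
    raise ValueError("truncated GIF: no trailer found")

def is_payload_carrier(buf):
    """True when the GIF carries bytes beyond its trailer."""
    return len(gif_trailing_data(buf)) > 0
```

Running the check over GIFs fetched by a monitored host gives a cheap triage signal; a hit should be handed to the sandbox rather than taken as proof on its own, since benign tools occasionally append metadata too.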
So far, 59 victims in 23 different countries have been affected by this malware:
Belgium, Brazil, Bulgaria, Czech Republic, Georgia, Germany, Hungary, Ireland, Israel, Japan, Latvia, Lebanon, Lithuania, Montenegro, Portugal, Romania, Russian Federation, Slovenia, Spain, Turkey, Ukraine, United Kingdom and United States.