Fake EFF Website Found Targeting Users with Espionage Malware

August 28th, 2015, by Waqas. Filed under: Malware, Security

Google's security team has discovered a website domain impersonating the Electronic Frontier Foundation (EFF).

Registered on August 4, 2015, electronicfrontierfoundation.org has since been targeting unknown victims with a spear phishing attack and spreading malware into their systems.


Unfortunately, the domain appears to be only a small part of a targeted malware campaign that Trend Micro dubbed 'Pawn Storm' in its October 2014 report (pdf). Although this campaign gained ground only over a month ago, the group behind the attacks has been active since 2007 and is suspected of having strong ties to the Russian government.

The malware is delivered to unsuspecting victims by exploiting a new Java vulnerability, the first Java zero-day in almost two years. A spear phishing email directs the victim to a specific sub-page on the domain, which then loads a malicious Java applet that delivers the malware and retrieves a payload. Once the attack is complete, the sub-page is disabled to prevent security researchers from tracing its source.

Example:

http://electronicfrontierfoundation (dot) org/url/{6_random_digits}/Go.class

App.class contains the malicious code and is bootstrapped and executed by Go.class. By exploiting the Java bug, App.class drops a second-stage executable binary (Cormac.mcr) in the victim's root directory. Notably, the binary can also be used on Mac or Linux systems, owing to its compatibility with *nix environments.
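A defender-side check for the indicators described above, as an added example that is not part of the original article or of any vendor's tooling: it scans constructed proxy log lines (an assumed "<timestamp> <client-ip> <method> <url>" format) for the look-alike domain and the six-digit Go.class path pattern, and flags any other request to that domain as well.

```python
import re
from typing import Dict, List

# Indicators from the article: the look-alike domain and the Go.class path
# with six random digits. The domain is spelled out (not defanged) because
# the matcher must compare it against real hostnames in the log.
LOOKALIKE_DOMAIN = "electronicfrontierfoundation.org"
GO_CLASS_PATH = re.compile(r"^/url/\d{6}/Go\.class$")

# Assumed log format for this example: "<timestamp> <client-ip> <method> <url>".
LOG_LINE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+)$")
URL_RE = re.compile(r"^https?://(?P<host>[^/:?#]+)(?::\d+)?(?P<path>/[^?#]*)?")


def classify_request(url: str) -> str:
    """Return 'lookalike-go-class', 'lookalike-domain' or 'ok' for one URL."""
    m = URL_RE.match(url)
    if not m:
        return "ok"
    host = m.group("host").lower()
    path = m.group("path") or "/"
    # The exact domain or any subdomain of it; the real eff.org never matches.
    if host == LOOKALIKE_DOMAIN or host.endswith("." + LOOKALIKE_DOMAIN):
        return "lookalike-go-class" if GO_CLASS_PATH.match(path) else "lookalike-domain"
    return "ok"


def scan_proxy_log(lines: List[str]) -> List[Dict[str, str]]:
    """One finding per log line whose URL hits an indicator from the article."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than abort the whole scan
        verdict = classify_request(m.group("url"))
        if verdict != "ok":
            findings.append({"client": m.group("client"), "url": m.group("url"), "verdict": verdict})
    return findings


# Constructed sample lines, not real traffic; the six digits are made up.
SAMPLE_LOG = [
    "2015-08-27T10:01:02Z 10.0.0.5 GET https://www.eff.org/deeplinks/",
    "2015-08-27T10:02:10Z 10.0.0.7 GET http://electronicfrontierfoundation.org/url/483921/Go.class",
    "2015-08-27T10:02:11Z 10.0.0.7 GET http://electronicfrontierfoundation.org/url/483921/App.class",
    "2015-08-27T10:03:00Z 10.0.0.9 GET https://example.com/index.html",
    "garbage line that does not parse",
]
```

Running scan_proxy_log(SAMPLE_LOG) reports the two requests from 10.0.0.7: the Go.class fetch as the high-confidence hit and the follow-up App.class fetch as a plain look-alike-domain hit.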

The malicious domain and the malware (named Sednit) have been found to share many traits with other attacks under the 'Pawn Storm' banner. On Windows systems, Sednit installs and runs a DLL file and connects it to a command-and-control server, through which the attacker then runs further malicious programs, such as keyloggers, on the system.

Some security researchers have noted that Pawn Storm attacks use custom malware and have targets strikingly similar to those of the Sednit and Sofacy malware campaigns run by Advanced Persistent Threat group 28 (APT28). APT28 had previously been linked to the Russian government in a paper by FireEye, a security firm that compared the sophistication of the attacks and the choice of victims to reach that conclusion.

Although the victims of the current EFF attack are not yet known, APT28's previous breaches targeted U.S. defence contractors, White House staff members, Russian journalists and NATO officials.

Since the exploit was discovered, the domain has been reported and the bug patched by Oracle updates. Still, this attack is a harsh reminder to be wary of phishing emails and to improve our personal security.

So, it’s eff.org, NOT electronicfrontierfoundation.org.


Via: EFF, https://www.eff.org/deeplinks/2015/08/new-spear-phishing-campaign-pretends-be-eff

Source: Trend Micro, https://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-operation-pawn-storm.pdf
