WikiLeaks Turkish AKP Email Dumps Contain Malware, Says Researcher

Last month WikiLeaks published emails stolen from the Turkish ruling party AKP. Now a researcher has presented a report showing that the AKP emails contain malware attachments!

A security researcher, Vesselin Bontchev, claims to have found malware in several downloadable files in the leaked data dump published by WikiLeaks from the Turkish ruling party (AKP) server.

The Bulgaria-based researcher uploaded his analysis to GitHub, showing that hundreds of AKP emails contain malware attachments. For those who are not familiar with the WikiLeaks AKP data dump: in July 2016 a hacker going by the online handle Phineas Fisher claimed responsibility for hacking into the email server of the AKP (Justice and Development Party) and stealing a trove of data, which was later shared with WikiLeaks.

WikiLeaks published the data after the failed military coup last month. Bontchev’s research is a lesson for users: “be careful what you download from the Internet.” More details on the AKP breach are available on Softpedia.

Bontchev divided his analysis into three columns, where “the first column contains a link to the e-mail on the Wikileaks site that contains the malicious attachment. The second column contains the URL on the Wikileaks site where the malicious attachment to this e-mail message resides while the third column contains links leading to a VirusTotal page, showing how the different scanners are reporting the malware,” according to his GitHub report.

Scanning the first link (F36CB35F410AB65958A6CCA846737A9C) on VirusTotal shows that it contains Trojan.GenericKD.3250120, ransomware that encrypts files stored on the affected device and demands payment of a ransom.

The scanned attachment also contains Trojan/Win32.Agent.N2005930713, developed to target Windows users. That’s not all: the file also contains Backdoor.W32.Androm!c, a backdoor trojan with RAT capabilities that allows attackers to gain unauthorized access to and control of an affected computer. The full list of malicious files detected in just one email attachment can be seen in the screenshot below:

To view the complete scan results, it is highly recommended to view Bontchev’s presentation on GitHub.

Important message for journalists and researchers:

If you are a journalist, reporter or researcher, Mr. Bontchev has mentioned that it is safe to view the AKP emails; however, downloading attachments is not advisable. If you have already downloaded the data and executed it on your device, you should do a full scan, as it is quite possible that your online activities are being monitored by a third party.

This is not the first time that WikiLeaks has published files containing malware. In September 2015, an independent data researcher, Josh Wieder, found malware in the files stored in The Global Intelligence Files section.

Remember, downloading attachments from unknown emails can cause you a lot of problems. For your own safety and security, DON’T download attachments from publicly available data!
