Targeting Major Travel Agencies and Large Financial and Legal Institutions with New Malware #Kaspersky


Kaspersky experts have identified a version of the Janicab malware with new capabilities, used by the DeathStalker group, an advanced persistent threat actor, to infiltrate specific institutions across multiple sectors.

The new version was detected in Europe and the Middle East and was found to use certain legitimate web services, such as YouTube, as part of its infection chain.

For example, a Janicab infection can lead to targeted logistical and legal challenges, strengthen the position of competitors, and trigger surprise audits that may expose bias or intellectual property misuse. This makes the damage distinct from that caused by traditional attacks such as digital extortion or ransomware.

Janicab is a modular malware written in an interpreted language, which means attackers can add functionality, embed files, or remove them without much effort.

Kaspersky's analysis shows that the latest version of Janicab has changed significantly in structure: the archived version contains multiple files written in Python, and other components are brought in later in the intrusion.

The phishing stage, however, remains effective. Once the victim is tricked into opening the file, a chained, repeated sequence of downloads and loads of the malicious files takes place.

Another distinguishing characteristic of DeathStalker is its use of a dead drop resolver (DDR), a legitimate web service that hosts encrypted strings which the malware implants later decrypt.

According to the new report, Kaspersky was able to identify the reuse of old YouTube links seen in the 2021 breach. Because unlisted pages are hard to discover, the group could operate covertly and repeatedly reuse links pointing to its command-and-control infrastructure.

The affected businesses that fall within DeathStalker's traditional targeting are primarily legal, financial, and investment firms, although Kaspersky has also recorded activity against travel agencies.

Europe and the Middle East are considered the group's primary operating regions, though the level of activity varies between countries in both regions.

Dr. Amin Hasbini, Head of the Middle East, Turkey and Africa Research Center in Kaspersky's Global Research and Analysis Team, stated that it is safe to assume the primary goal of the DeathStalker group is to steal confidential information: legal disputes involving high-profile individuals and large financial assets, as well as commercial information affecting competitiveness and merger and acquisition information, given that legal and financial institutions are “the common target of this group”.

Hasbini added: “Organizations operating in these regions must prepare for such breaches and update their threat models to ensure data remains secure”.

Given the group's continued use of interpreted-language malware such as Python, VBE, and VBS in recent intrusions, affected organizations should rely on application whitelisting and operating-system hardening as effective ways to block infiltration attempts.

Security teams should also watch for Internet Explorer browser processes running without a user interface, since Janicab drives the browser in a hidden (no-UI) mode to communicate with the command-and-control infrastructure.
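As an added example of the detection advice above (this is not code from Kaspersky's report or from the article), the script below scans process-creation telemetry for Internet Explorer instances that have no user-facing window: an `iexplore.exe` that was started through COM automation (such a launch typically carries the `-Embedding` argument) or that was spawned directly by one of the script interpreters the article names as Janicab's hosts. The field names (`pid`, `image`, `parent_image`, `command_line`) and the sample JSON-lines events are assumptions constructed for the example, loosely modelled on EDR-style process events, and are not real indicators.

```python
"""Flag headless Internet Explorer processes in process-creation telemetry.

Added example, not from the Kaspersky report. Field names and sample events are
constructed assumptions modelled on EDR/Sysmon-style process-creation records.
"""
import json
from typing import List, Optional, Tuple

# Interpreters for the languages the article names (Python, VBS/VBE via the
# Windows Script Host). Assumed list; extend it to match your environment.
SCRIPT_INTERPRETERS = {"wscript.exe", "cscript.exe", "python.exe", "pythonw.exe"}
IE_IMAGE = "iexplore.exe"
# Argument Windows passes when IE is activated as a COM server (no window shown).
COM_LAUNCH_FLAG = "-embedding"

# Constructed sample telemetry (JSON lines). Not real IoCs.
SAMPLE_EVENTS_JSONL = r"""
{"pid": 4120, "image": "C:\\Program Files\\Internet Explorer\\iexplore.exe", "parent_image": "C:\\Windows\\explorer.exe", "command_line": "\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" https://intranet.example"}
{"pid": 5532, "image": "C:\\Program Files\\Internet Explorer\\iexplore.exe", "parent_image": "C:\\Windows\\System32\\svchost.exe", "command_line": "\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" -Embedding"}
{"pid": 6110, "image": "C:\\Program Files\\Internet Explorer\\iexplore.exe", "parent_image": "C:\\Windows\\System32\\wscript.exe", "command_line": "\"C:\\Program Files\\Internet Explorer\\iexplore.exe\""}
{"pid": 7001, "image": "C:\\Windows\\System32\\wscript.exe", "parent_image": "C:\\Windows\\explorer.exe", "command_line": "wscript.exe C:\\Users\\user\\Downloads\\invoice.vbs"}
{"pid": 7210, "image": "C:\\Program Files\\Microsoft\\Edge\\msedge.exe", "parent_image": "C:\\Windows\\explorer.exe", "command_line": "msedge.exe"}
"""


def _basename(path: str) -> str:
    """Return the lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def classify(event: dict) -> Optional[str]:
    """Return a reason string if the event is a headless IE launch, else None."""
    if _basename(event.get("image", "")) != IE_IMAGE:
        return None
    parent = _basename(event.get("parent_image", ""))
    if parent in SCRIPT_INTERPRETERS:
        return f"iexplore.exe spawned directly by script interpreter {parent}"
    if COM_LAUNCH_FLAG in event.get("command_line", "").lower():
        return "iexplore.exe started via COM automation (-Embedding), no user-facing window"
    return None


def find_headless_ie(jsonl: str) -> List[Tuple[int, str]]:
    """Parse JSON-lines process events and return (pid, reason) for each hit."""
    hits: List[Tuple[int, str]] = []
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        reason = classify(event)
        if reason:
            hits.append((int(event["pid"]), reason))
    return hits


if __name__ == "__main__":
    for pid, reason in find_headless_ie(SAMPLE_EVENTS_JSONL):
        print(f"pid {pid}: {reason}")
```

On the constructed sample this reports pids 5532 and 6110 and leaves the interactive IE session, the script host itself and Edge alone. Treat a hit as a triage lead rather than a verdict: legitimate software also automates IE through COM, so corroborate with the parent process, the user context and whether the process goes on to make outbound connections.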