ESET researcher analyzes Casper, the latest espionage malware by a cybercrime group responsible for Babar and Bunny
MUMBAI, India – March 9, 2015 – The espionage group behind the infamous eavesdropping cartoon malware strikes again. After Bunny and Babar the Elephant, the cyber criminals have developed their latest piece of malware – Casper. This first-stage reconnaissance tool is able to send a detailed report about the victim’s infected machine to its controller.
Casper was first detected in mid-April 2014, when it infected a few victims in Syria. To pull this off, the attackers used 0-day exploits against the Flash application, taking advantage of the CVE-2014-0515 vulnerability. This information has helped the cyber criminals learn the details of the infected machine in order to decide on the next steps, all without being noticed.
Joan Calvet, Malware Researcher at ESET, said, “Interestingly, these exploits were hosted on a website belonging to the Syrian Justice Ministry jpic.gov.sy. This website was created by the Syrian government to allow Syrian citizens to send in complaints. It is still up, but it has been cleaned. Moreover, the Casper controller itself was also hosted on this website, and there were plugins deployed which are executed on the machine.”
Based on observation and analysis of the malware, ESET researchers were able to confirm that the code matches the one used in the Babar and Bunny malware. But Casper has gone a step further, adapting its strategy depending on which antivirus runs on the target machine. That is why practically no anti-virus or internet security software was able to detect it, except ESET LiveGrid®. Despite its sophistication, the malware was used to target only very few people, all located in Syria.
The malware directly targets the visitors of the Syrian Justice Ministry website, but also those arriving from other locations. “This level of code sharing leads us to conclude with a pretty high confidence that Bunny, Babar and Casper were all developed by the same organization,” adds Calvet.
Read more about ‘Casper: After Babar and Bunny, Another Espionage Cartoon’ in a detailed analysis by the ESET research team on WeLiveSecurity.com.
# # #
Founded in 1992, ESET is a global provider of security solutions for businesses and consumers. ESET’s flagship products, ESET NOD32 Antivirus, ESET Smart Security and ESET Cyber Security for Mac, are trusted by millions of global users. ESET NOD32 Antivirus holds the world record for the number of Virus Bulletin “VB100” Awards, and has never missed a single “In-the-Wild” worm or virus since the inception of testing in 1998.
The Company has global headquarters in Bratislava (Slovakia), with regional distribution headquarters in San Diego (U.S.), Buenos Aires (Argentina), and Singapore. ESET has malware research centers in Bratislava, San Diego, Buenos Aires, Prague (Czech Republic), Krakow (Poland), Montreal (Canada), Moscow (Russia), and an extensive partner network in 180 countries.
In India, ESET products are exclusively supplied and supported by “ESS Distribution Pvt Ltd”. The sales of ESET products are executed through the Channel Partners across India. Website: www.esetnod32.in