The cartoon malware Casper is targeting Syria. The espionage malware used the same modus operandi as Babar and Bunny, says an ESET researcher.
The espionage group behind the notorious eavesdropping cartoon malware strikes again. After Bunny and Babar the Elephant, the cyber criminals have developed their latest piece of malware: Casper. This first-stage reconnaissance tool is able to send a detailed report about the victim’s infected machine to its controller.
Casper was first detected in mid-April 2014, when it infected a few victims in Syria. To pull this off, the attackers used zero-day exploits against the Flash application, taking advantage of the CVE-2014-0515 vulnerability. The information Casper collects has helped the cyber criminals learn details about the infected machine in order to decide on the next steps, all without being noticed.
Joan Calvet, Malware Researcher at ESET, said, “Interestingly, these exploits were hosted on a website belonging to the Syrian Justice Ministry, jpic.gov.sy. This website was created by the Syrian government to allow Syrian citizens to send in complaints. It is still up, but it has been cleaned. Moreover, the Casper controller itself was also hosted on this website, and there were plugins deployed which are executed on the machine.”
Based on their observation and analysis of the malware, ESET researchers were able to confirm that the code matches that used in the Babar and Bunny malware. But Casper has gone a step further, adapting its strategy depending on which antivirus runs on the target machine. That is why practically no antivirus or internet security software was able to detect it, except ESET LiveGrid®. Despite its sophistication, the malware was used to target only very few people, all located in Syria.
The malware directly targets visitors of the Syrian Justice Ministry website, but also those arriving from other locations. This makes the researchers feel that Bunny, Babar and Casper were all developed by the same organization.
The cartoon malware Casper exploits the same human weaknesses to propagate itself. Cartoon characters are particularly close to people. Another thing that encourages malware makers to create malicious code is footfall: if a certain online property has more visitors, it pays to infect that property. The cartoon malware Casper is made to exploit these traits. Ever since religious cartoons started rattling people, we have also started seeing crooks creating malware to exploit that hate.