Adult Dating Site Attacks Targeted Colleges With Remote Access Trojan

Aimed at students and professors at universities in the United States, this phishing campaign attempted to infect machines with the Hupigon remote access Trojan, says security provider Proofpoint.

Sex sells, as the saying goes, which is why it is always a popular area for cybercriminals to exploit. In a new campaign discovered by Proofpoint, crooks used adult dating photos as a means of infecting students with malware. In a blog post published on Thursday, the security provider describes how this attack works.


Sent to faculty and students at colleges and universities across the United States, the initial email asked the user to choose between two profile photos apparently from an adult dating site (Figure A). Clicking the button for either photo downloaded an executable file. If the recipient took the bait and ran the file, the Hupigon Remote Access Trojan (RAT) was installed on the computer.

Figure A

Image: Proofpoint

Once installed, Hupigon opens a backdoor to a command and control server that can access the machine, allowing the attacker to control the webcam, audio, and other hardware, and to steal login credentials and other sensitive data. Since 2006 or possibly earlier, the Hupigon RAT has been associated with state-sponsored Advanced Persistent Threats (APTs) in various campaigns around the world. In 2010, Chinese APT groups like APT3 used this RAT to carry out attacks.

Proofpoint found that over 150,000 adult dating site emails were sent to over 60 different industries, with 45% directed to colleges and universities; other sectors targeted included manufacturing, healthcare, technology and entertainment/media (Figure B). The campaign started on April 13, 2020, and peaked at 80,000 messages between April 14 and April 15 before stopping and eventually becoming inactive.

Figure B

Image: Proofpoint

How to protect students and faculty from cyber threats

Compared to traditional businesses, colleges and universities can be more difficult environments for IT and security staff to manage, according to Sherrod DeGrippo, senior director of research and threat detection at Proofpoint. The ever-changing student body and culture of openness and information sharing can conflict with the controls necessary to protect users from cyber attacks.

“It is essential that colleges and universities prioritize a people-centered approach to security that protects all parties (their employees, students and partners) against phishing, email fraud, credential theft and brute force attacks,” DeGrippo said. “We recommend layered defenses at the edge of the network, at the email gateway, in the cloud and at the endpoint, along with strong user training to provide the best defense against these social engineering schemes.”

There are also security measures that students and faculty should keep in mind to protect themselves from cyber threats.

“It is important that students and faculty be extremely vigilant when confirming the source of all emails sent to their personal and school inboxes, especially those that urgently request a link be clicked, a password change or money transfer,” DeGrippo said. “For online dating, we recommend that individuals visit an organization’s verified website or app directly, rather than clicking on links included in an email. We also recommend that users monitor their credit card reports to detect any malicious actor attempting to use stolen personal information to commit identity fraud if they fall victim to this type of threat.”
