Yokai Malware Targets Thai Officials to Access Sensitive Information

444/67 Tuesday, December 17, 2024

Thai government officials have become targets of a new cyberattack that uses a technique known as DLL side-loading to deploy a backdoor called “Yokai.” The malware is designed to take control of infected systems and execute commands issued by the attackers through a command-and-control (C2) server. The campaign begins with a RAR file attached to an email, containing two Windows shortcut files named in Thai as “กระทรวงยุติธรรมสหรัฐ.pdf” (“U.S. Department of Justice.pdf”) and “รัฐบาลสหรัฐขอความร่วมมือระหว่างประเทศในเรื่องทางอาญา.docx” (“U.S. Government’s Request for International Criminal Cooperation.docx”). Opening either shortcut displays a decoy PDF or Word document to distract the user while the malware is silently installed in the background.

The malware then drops three additional files, including a legitimate-looking iTop Data Recovery executable that is used to load a malicious DLL into the system. The Yokai backdoor establishes persistence on the compromised host and connects to a C2 server to execute commands, such as opening command prompt windows (cmd.exe) and running shell commands to control the system.
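Two defender-side checks for the delivery chain described above, written as an added example rather than code from the report or its source: the first flags archive members that are Windows shortcuts (.lnk) whose visible name imitates a document, as with the two lures here; the second flags Sysmon-style image-load records (Event ID 7 fields Image and ImageLoaded) where a DLL is loaded from the executable's own directory outside trusted install locations, the tell-tale of DLL side-loading. The sample archive listing and events are constructed; the paths, the executable name recovery_tool.exe and the DLL name recovery_helper.dll are assumptions, not names from the report.

```python
import ntpath

# Document extensions an attacker hides behind a shortcut's ".lnk" suffix.
DOC_EXTS = {".pdf", ".docx", ".doc", ".xlsx"}
# Directories where a program loading a DLL from its own folder is normal.
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64",
                r"c:\program files", r"c:\program files (x86)")

def is_lure_shortcut(member_name: str) -> bool:
    """True for a .lnk whose name before '.lnk' imitates a document."""
    stem, ext = ntpath.splitext(ntpath.basename(member_name).lower())
    return ext == ".lnk" and ntpath.splitext(stem)[1] in DOC_EXTS

def suspicious_image_load(image: str, loaded: str) -> bool:
    """Flag a DLL loaded from the executable's own directory when that
    directory is not one of the trusted (non user-writable) locations."""
    if not loaded.lower().endswith(".dll"):
        return False
    exe_dir = ntpath.dirname(image).lower()
    dll_dir = ntpath.dirname(loaded).lower()
    return exe_dir == dll_dir and not exe_dir.startswith(TRUSTED_DIRS)

def scan_archive_listing(names):
    """Return the archive members that look like document-named shortcuts."""
    return [n for n in names if is_lure_shortcut(n)]

def scan_image_loads(events):
    """Return image-load records matching the side-loading pattern."""
    return [e for e in events
            if suspicious_image_load(e["Image"], e["ImageLoaded"])]

# Constructed sample data: shortcut names are the ones from the report;
# the paths, recovery_tool.exe and recovery_helper.dll are hypothetical.
ARCHIVE_LISTING = [
    "กระทรวงยุติธรรมสหรัฐ.pdf.lnk",
    "รัฐบาลสหรัฐขอความร่วมมือระหว่างประเทศในเรื่องทางอาญา.docx.lnk",
    "readme.txt",
]
TEMP = r"C:\Users\victim\AppData\Local\Temp\itop"
IMAGE_LOADS = [
    {"Image": TEMP + r"\recovery_tool.exe",
     "ImageLoaded": TEMP + r"\recovery_helper.dll"},          # side-loaded
    {"Image": TEMP + r"\recovery_tool.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},     # normal load
    {"Image": r"C:\Program Files\Vendor\tool.exe",
     "ImageLoaded": r"C:\Program Files\Vendor\helper.dll"},   # normal load
]

if __name__ == "__main__":
    print("lure shortcuts:", scan_archive_listing(ARCHIVE_LISTING))
    for ev in scan_image_loads(IMAGE_LOADS):
        print("possible DLL side-loading:", ev["Image"], "->", ev["ImageLoaded"])
```

In a real deployment the listing would come from unpacking the attachment at the mail gateway and the events from the endpoint's Sysmon log; the trusted-directory list should be tuned to the environment's software install paths.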

Analysts suspect that the campaign relies on spear-phishing emails to distribute the malware inside RAR attachments. However, there is no concrete evidence yet of the campaign’s success or reach. The incident highlights the growing sophistication of malware, including its ability to evade security software and target government officials with precision.

Users are advised to exercise caution and update their operating systems and software to the latest versions to mitigate potential risks. Experts recommend avoiding opening email attachments or clicking links from untrusted sources, installing effective antivirus software, and conducting regular system scans to defend against emerging malware threats.

Source: https://thehackernews.com/2024/12/thai-officials-targeted-in-yokai.html