North Korean Hacking Group Releases New Trojan
The U.S. Department of Homeland Security and the Federal Bureau of Investigation have issued a joint malware analysis report highlighting a new Trojan used by the hacking group, Lazarus, out of North-Korea.
The report, published on the US-CERT website, stated the new Trojan, deemed Hoplight, was detected while tracking the malicious cyber activity of the North Korean-backed hacking group Lazarus, also known as Hidden Cobra. Additionally, the report contains a detailed analysis of the nine executable files found to be infected with the Hoplight Trojan.
Seven of the nine files have proxy applications in place in order to mask the traffic between the malware and its operators.
Of the remaining two files, researchers confirmed one contained a public SSL certificate with the payload appearing to be encoded with a password or key. The remaining file did not contain any of the public SSL certificates, but attempted outbound connections.
The Hoplight Trojan is able to read, write and move files, enumerate system drives, create and terminate processes, inject into running processes, create, start and stop services, modify registry settings, connect to a remote host, as well as upload and download files. The malware is also able to open and bind to a socket, and uses a public SSL certificate for secure communication.
**PC Matic users, rest assured you are entirely protected from this newly found Trojan. The nine executable files would not be able to run on any computer that has PC Matic’s whitelist protection running, as none of the files are known, trusted programs.
