EyePyramid Malware Used For Stealing Sensitive Information

Computer hackers have used the EyePyramid malware to steal sensitive information from business leaders, bankers and politicians.

EyePyramid Malware Used For Espionage Purposes


The EyePyramid malware has been used in a series of cyber espionage operations conducted by computer hackers since its inception. It has been used to steal sensitive information from Italian politicians and bankers. According to security reports, the targets include the president of the European Central Bank Mario Draghi, cardinals from the Vatican, a former prime minister, various ministries, businesses and even members of a Masonic lodge. The analyzed attacks have been carried out against victims since at least 2010. Kaspersky Lab experts identified compiled samples from 2014 and 2014 that they used to obtain additional information about the virus.

The computer hackers responsible for it used social engineering tricks and phishing emails to deliver the malware to their victims. It was carried in ZIP or 7ZIP archives. The stored executable file often had a name containing multiple spaces, a trick used to hide the actual executable extension from the user.
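The padded-filename trick described above is easy to check for on the mail gateway or in a sandbox. The following is an added example (not code from the article or from any vendor named in it) that inspects the entry names of a ZIP archive and flags executables whose extension is hidden behind a run of spaces or stacked on a document extension; the archive contents and the Italian-sounding lure name are constructed for the demonstration.

```python
import io
import re
import zipfile
from typing import Dict, List

# Extensions Windows will run when the file is double-clicked.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# A run of five or more space-like characters before the real extension pushes
# that extension out of view in most file listings and mail clients.
PADDING_RUN = re.compile(r"[ \u00a0\u2000-\u200b\u3000]{5,}")


def filename_reasons(name: str) -> List[str]:
    """Return the reasons an archive entry name looks like extension spoofing."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    stem, dot, ext = base.rpartition(".")
    ext = ("." + ext.lower()) if dot else ""
    reasons = []
    if ext in EXECUTABLE_EXTENSIONS:
        if PADDING_RUN.search(stem):
            reasons.append("executable extension hidden behind whitespace padding")
        if "." in stem.rstrip():
            reasons.append("double extension on an executable")
    return reasons


def scan_archive(data: bytes) -> Dict[str, List[str]]:
    """Map each suspicious entry of a ZIP archive (given as bytes) to its reasons."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons = filename_reasons(info.filename)
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample_archive() -> bytes:
    """Constructed sample: one benign document and one padded executable lure."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Contratto.pdf", b"%PDF-1.4 benign placeholder")
        zf.writestr("Contratto.pdf" + " " * 40 + ".exe", b"MZ placeholder, not a real binary")
    return buf.getvalue()


if __name__ == "__main__":
    for entry, reasons in scan_archive(build_sample_archive()).items():
        print(repr(entry), "->", "; ".join(reasons))
```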

Trend Micro experts have analyzed some of the attacks and determined that the spam messages originate from compromised accounts belonging to associates and attorneys at law firms. This tactic has proved quite reliable, as it has infected a lot of high-profile individuals.

The virus itself is written on the .NET framework and features multiple layers of obfuscation that hide sensitive parts of the code. This makes analysis and detection more difficult, especially for the parts that deal with the command and control servers. The de-obfuscation routine of the threat uses a decryption step based on the 3DES cipher along with MD5 and SHA-256 manipulation of the input data.

The malware is able to capture keystrokes and collects credentials and files the user has interacted with. The affected data is encrypted and exfiltrated to an email address controlled by the operators, using the MailBee.NET.dll APIs. Experts from Kaspersky Lab reported that their solutions have been able to block more than 90% of all EyePyramid infections. About 80% of those were spotted in Italy, while others were detected in Indonesia, France, Mexico, Monaco, China, Taiwan, Poland and Germany.

The people behind the EyePyramid malware are the Italian siblings Giulio Occhionero and Maria Occhionero, who have been arrested for targeting the high-profile victims in attack campaigns.

Author : Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
