New MM Core APT Malware Strains Discovered

The infamous MM Core APT malware has been used in several new attack campaigns against organizations around the world. The Trojan has been known since 2013; continue reading our article to find out more about the revived threat.

SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter

MM Core Malware Revived and Used in Attack Campaigns

The MM Core malware is not a new threat. Its first version was discovered in April 2013, when the FireEye security team spotted a threat with some interesting features. The malware was able to collect information about the infected host and open a backdoor that allowed the attackers to access the host remotely. It was labeled 2.0 LNK and was used to target various organizations in Central Asia and the Middle East.

It attracted the attention of researchers because it waited for user interaction, watching for mouse clicks and movement before taking any further action. It had a built-in sandbox evasion module, and it used URL-shortening services to protect its remote C&C servers from being blacklisted by web filtering systems. The malicious code is downloaded straight into memory, which prevents investigators from extracting any detailed information about the samples from the infected machine's hard drive.
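The use of URL shorteners to shield the C&C address is something a defender can look for in outbound proxy logs. The script below is an added example, not code from the original article or from the FireEye or Forcepoint research: it parses a few constructed proxy log lines, flags requests whose destination is a URL-shortening domain (or a subdomain of one), and rates a hit higher when the request did not come from a browser user agent, since a document-handling application reaching out to a shortener is the kind of behaviour a malicious Word document would produce. The log format, the shortener list and the "non-browser user agent" heuristic are assumptions for illustration.

```python
"""Flag proxy-log requests to URL-shortening services.

Added example (not from the article or the cited research). The log
format, the shortener list and the severity heuristic are assumptions.
"""
import re
from collections import Counter

# Constructed sample proxy log. Assumed format per line:
#   <timestamp> <host> <user> <destination-domain> "<user-agent>"
SAMPLE_LOG = """\
2017-01-10T09:12:01 ws-042 jdoe www.example.com "Mozilla/5.0 (Windows NT 6.1) Firefox/50.0"
2017-01-10T09:12:44 ws-042 jdoe bit.ly "Mozilla/5.0 (Windows NT 6.1) Firefox/50.0"
2017-01-10T09:13:02 ws-042 jdoe tinyurl.com "Microsoft Office/15.0 (Windows NT 6.1; Microsoft Word 15.0)"
2017-01-10T09:13:05 ws-042 jdoe goo.gl "Microsoft Office/15.0 (Windows NT 6.1; Microsoft Word 15.0)"
2017-01-10T09:15:30 ws-017 asmith www.example.org "Mozilla/5.0 (Windows NT 10.0) Chrome/55.0"
2017-01-10T09:16:10 ws-017 asmith cdn.t.co "Mozilla/5.0 (Windows NT 10.0) Chrome/55.0"
"""

# Assumed watch-list of shortener domains; a real deployment would load
# this from a maintained feed rather than hard-code it.
SHORTENER_DOMAINS = {"bit.ly", "tinyurl.com", "goo.gl", "t.co", "ow.ly", "is.gd"}

LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<host>\S+) (?P<user>\S+) (?P<dest>\S+) "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def is_shortener(dest):
    """True if dest is a shortener domain or any subdomain of one."""
    labels = dest.lower().rstrip(".").split(".")
    # Check the full name and every parent suffix, so "cdn.t.co" matches "t.co".
    return any(".".join(labels[i:]) in SHORTENER_DOMAINS for i in range(len(labels)))


def looks_like_browser(ua):
    """Crude heuristic (assumption): mainstream browsers send a Mozilla/ prefix."""
    return ua.startswith("Mozilla/")


def find_shortener_requests(log_text):
    """Return the parsed records that hit a shortener, each tagged with a severity."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_shortener(rec["dest"]):
            continue
        # A non-browser client (e.g. an Office process) contacting a shortener
        # is far more unusual than a user clicking a shortened link.
        rec["severity"] = "low" if looks_like_browser(rec["ua"]) else "high"
        hits.append(rec)
    return hits


def hosts_by_hit_count(hits):
    """Count shortener hits per source host, to spot the noisiest machine."""
    return Counter(h["host"] for h in hits)


if __name__ == "__main__":
    found = find_shortener_requests(SAMPLE_LOG)
    for h in found:
        print(f'{h["severity"]:4} {h["ts"]} {h["host"]} {h["user"]} -> {h["dest"]} [{h["ua"]}]')
    print("hits per host:", dict(hosts_by_hit_count(found)))
```

On the constructed sample this yields four hits, two of them rated high because the requesting client identifies itself as Microsoft Office rather than a browser; in practice the shortener list and the user-agent rule would be tuned to the environment, and the resolved redirect target would be pulled from the proxy's follow-on request for the actual C&C domain.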

An updated version, labeled 2.1-LNK and also known as StrangeLove, has almost the same capabilities, with some changes in the downloader module. It was used to attack various organizations and individuals in the Middle East.

New MM Core Malware Attacks

Security researchers at Forcepoint identified two new versions of the MM Core malware: BigBoss (2.2-LNK) and SillyGoose (2.3-LNK). BigBoss has been used actively in attack campaigns since 2015, while SillyGoose has been in use since September 2016. These two versions have been used to target computer users and organizations in the United States and Africa, with a focus on the media industry, government bodies, oil and gas companies and telecommunications providers.

The new variants use nearly the same backdoor features as StrangeLove, but with different file names. They also rely on a Microsoft Word vulnerability to drop the malicious payload onto the infected host. Some of the components used to download the payload were signed with a valid certificate issued to Bor Port, a Russian organization; the security researchers suspect the criminals stole it from the company. The hackers behind the MM Core attacks have also used WHOIS privacy features on the domains they control.

Protect Yourself!

Malware infections and attack campaigns that deliver dangerous payloads can be prevented using a trusted anti-spyware tool.


Author : Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
