Sep 13, 2016 11:47 PM EDT
Cyber Espionage GovRat 2.0: Newer, Advanced Version of Undetectable Malware Steals U.S. Government Sensitive Data; Lists Sold on Dark Web
Software needs updates, and the same goes for malware. GovRat 2.0 is a newer version of the original GovRat, the malware that steals sensitive government documents.
It is reported that the malware has attacked corporate computer systems and become more aggressive than usual. Security company Info Armor, which published the case, said that the malware, with its unique and complicated system, can bypass antivirus software, leaving it undetected while it carries out its cyber espionage work.
The sensitive data being collected include email addresses, full names, physical addresses and hashed passwords, Slashdot reported. What's worrying is that the malware can quietly monitor the network traffic of a victim's computer.
Who are the hackers behind the cyber espionage?
It is reported that two hackers work together to develop and distribute the GovRat malware. Popopret and PoM (Peace of Mind) are sharing the credentials of federal staff and big names in the education sector such as the University of Florida. Softpedia noted that this will enable buyers to spam the officials to spread the malware in the form of attachments or "lure the victims to a site that serves GovRat using drive-by download".
Who are the targets of the GovRat 2.0 malware?
According to chief intelligence officer Andrew Komarov, the cyber espionage is targeting specific sectors such as research, IT and government agencies. The stolen data is then sold on the dark web, including the Hell forum, at a fantastic price of up to $6,000.
And since there have been many transactions on the black market, the number of victims is growing. It is reported that more than 30,000 accounts have been sold and much of the information belongs to staff working in the US government, including those in military departments, Security Affairs reported.
The affected agencies have been alerted by Info Armor but the precise number of entities being attacked is not disclosed.