{"id":4962,"date":"2020-08-26T09:41:27","date_gmt":"2020-08-25T21:41:27","guid":{"rendered":"https:\/\/kinetics.co.nz\/?p=4962"},"modified":"2020-08-26T09:41:27","modified_gmt":"2020-08-25T21:41:27","slug":"is-deathstalker-coming-for-you","status":"publish","type":"post","link":"https:\/\/new.kinetics.co.nz\/?p=4962","title":{"rendered":"Is “Deathstalker” coming for you?"},"content":{"rendered":"

[et_pb_section fb_built=”1″ admin_label=”section” _builder_version=”4.16″ global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_row admin_label=”row” _builder_version=”4.16″ background_size=”initial” background_position=”top_left” background_repeat=”repeat” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_column type=”4_4″ _builder_version=”4.16″ custom_padding=”|||” global_colors_info=”{}” custom_padding__hover=”|||” theme_builder_area=”post_content”][et_pb_text admin_label=”Text” _builder_version=”4.16.1″ background_size=”initial” background_position=”top_left” background_repeat=”repeat” hover_enabled=”0″ global_colors_info=”{}” theme_builder_area=”post_content” sticky_enabled=”0″]\"\"<\/a>Cyber-Crime is big business.\u00a0 The criminals are organised and sophisticated.\u00a0 Imagine if they put their ingenuity to things that are good?\u00a0 But alas, that’s not reality.\u00a0 Instead we have to brace ourselves to deal with another wave of crime.<\/p>\n

Deathstalker is a such a great name, inspiring fear.\u00a0 In fact, Deathstalkers are a type of scorpion<\/a>.\u00a0 I desperately wanted to find out that they were misnamed and quite pleasant but actually they seem like quite nasty, cannibalistic little characters.<\/p>\n

Most of the information we can find on this threat comes from Kaspersky and we haven’t been able to verify this with other sources.\u00a0 However it is sufficiently worrying that we wanted to bring it to your attention.<\/p>\n

These hackers are targeting LEGAL and FINANCIAL services firms<\/h2>\n

They want to steal information to sell, or they will act as mercenaries and attack on demand.<\/p>\n

They start by using a phishing attack<\/a> (targeting the victim with a hand-crafted email that tempts you to open it) to entice the victim to open an apparently innocent file that is actually a hidden powershell script (LNK) . Of course, the victim doesn’t know that – they think its something they need to read – a candidate CV, remittance advice, or a purchase order, or a letter of some sort.<\/p>\n

Introducing the Dead-Drop-Resolver<\/strong><\/p>\n

The malicious code points to a public, trusted site.\u00a0 These appear to be legitimate, like pointing to a seemingly innocent YouTube video that has a comment which happens to include some weird sequence of characters that is actually the code that instructs or triggers the malicious code.\u00a0 \u00a0 This code is enough to tell the malware what to do, including launching further malware on the victim’s PC.<\/p>\n

So, what can you do to reduce your risk?\u00a0<\/strong><\/p>\n