Hello! Did you hear about the new malware targeting telecom companies in Asia? If not, here's what you need to know. Security researchers discovered new variants of the PlugX and Bookworm malware that are causing disruptions in countries like Kazakhstan and Uzbekistan, as well as in ASEAN countries.
The new PlugX version is similar to other malware such as RainyDay, which suggests that groups like Lotus Panda and BackdoorDiplomacy may be affiliated or have access to shared tools. Telecom companies, like other service providers, are especially targeted because they have access to a large amount of rich data.
Bookworm uses an advanced method to buffer and conceal its malicious code to evade detection. The Mustang Panda group has invested years into advancing this piece of malware, indicating that they are serious about compromising sensitive information through spying.
Want to know which tools or targets these hacker groups will choose next? Fascinating but frightening. Protect yourself, protect your data!
What is PlugX Doing?
PlugX is classified as remote access malware. It allows attackers to take over infected computers from a distance. The new PlugX variants are hidden inside seemingly regular applications, running suspicious code in the background. PlugX can even capture keystrokes and send early-stage data back to the attackers.
Bookworm Malware: Another Hacker Tool
Bookworm is another piece of malware produced by the group Mustang Panda. One of the advantages of Bookworm is that it is highly flexible, allowing the attacker to add new functionality quickly. Examples of functionality include the ability to upload files, execute commands, and steal sensitive information. Bookworm is also capable of obliterating its footprint by using decoy web URLs.
Why This is Important
These malware attacks are serious. They not only compromise sensitive information, they can also bring down entire telecom systems and impact millions of people. If you are in IT, telecom, or any business sector where privacy is important, you should review your systems, make sure everything is up to date, avoid suspicious programs, and take cyber security seriously!
Main Message
The primary message is: PlugX and Bookworm are sophisticated tools utilized by hackers to target Asian telecom and ASEAN networks. These attacks serve as an example of the value of protecting your networks and your data.