A newly discovered hacking crew is creating all sorts of mischief, despite largely relying on off-the-shelf tools rather than custom malware.
The Netrepser crew are targeting government agencies and organisations using a malware toolkit built around a legitimate, yet controversial recovery toolkit provided by Nirsoft.
Cyber security firm Bitdefender reports that the cyber-spies have outfitted Nirsoft's toolkit to a range of information-stealing approaches ranging from keylogging to password and cookie theft. This is akin - at a stretch - to the A-Team's approach of welding plates and otherwise modifying a car to make it at least partially bullet-proof and or have offensive capabilities prior to launching an assault.
"Even though the Netrepser malware uses free tools and utilises these to carry various jobs to completion, the technical complexity of the attack, as well as the targets attacked, suggest that Netrepser is far more than a commercial-grade tool," according to BitDefender.
A total of 500 computers in an unknown number of countries have been affected, according to preliminary analysis work by the Romanian security software vendor. "The constitution of the malware – particularly the fact that it is assembled out of publicly available tools leave no forensic evidence for Bitdefender to analyse and attempt to identify the nationality of the attacker," it added.
Nirsoft software is used to recover cached passwords or monitor network traffic via command-line interfaces that can be configured to run covertly. This makes the utility easy to abuse, making it a frequent target of black-listing by anti-malware tools. ®