More On MiniDuke and How to Remove It
The APT floodgates seem to have opened sometime in the past twelve months: Stuxnet is no longer alone in the field, and the latest arrival is MiniDuke, a very sophisticated, if low-profile and minimalist, piece of malware.
“We’re dealing, unfortunately, with the work of a very small group of career criminals – people who’ve written a lot of malware before MiniDuke and who are doing more with less.
To make a comparison, Flamer was obviously much more complex, probably the work of a big, competent, well-managed team; there were lots of resources poured into finding and using zero-day exploits; it was an expensive e-threat to build, all in all. MiniDuke looks much more like a hacker project, it’s done on a shoestring budget,” Marius Tivadar commented.
This comparative lack of resources has apparently imposed some odd design choices on the malware writers.
“The samples we have are all customized, polymorphized, there is an encrypted part which is specifically built for each target machine – but from what we can tell, there is no modularity, like we see with Flamer and Stuxnet. It seems to be all of a piece. It’s very old-school malware, although there are some very modern touches, like the use of Twitter and Google for command and control purposes,” Marius said.
When asked to comment upon the possible origin of the malware, Mr. Tivadar explained: “We have no leads so far, apart from the appearance of 666 in the code and the fact it was asking what time it is in China at one point. I wouldn’t venture a guess based on such flimsy evidence, frankly.”
Bitdefender has released a free removal tool.
UPDATE: the removal tool has itself been updated to deal with newly discovered samples.