#JeSuisCharlie exploited to spread DarkComet RAT

Hackers are distributing malware by exploiting the #JeSuisCharlie hashtag, capitalising on the outrage surrounding the attack on French satirical magazine Charlie Hebdo, according to security vendor Blue Coat.

Users of social media networks such as Twitter are at risk of downloading the remote access tool DarkComet, which hackers use to hijack other people’s computers and which the firm said is freely available on the web.

Snorre Fagerland, senior principal security researcher at Blue Coat, said: "DarkComet was originally developed by the French hacker DarkCoderSc, who stopped further development on the project in 2012."

"Nevertheless, its ease of use and rich set of features have kept it popular for all sorts of attackers – from script kiddies and activists to more sinister players."

A sample of malware analysed by the firm attempted to disguise itself as an old version of the Windows program MovieMaker, a popular free tool for editing film clips.

Fagerland said it connected to a command and control (C&C) server run by dynamic domain host No-IP, which was taken down by Microsoft last summer in connection with hosting malicious websites, though the actual domain resolved to a French IP address hosted by Orange.

He advised users to be alert that items gaining interest in the media were liable to be exploited in campaigns like this, adding that nothing was too "sacred" for hackers.
