Phone : +91 95 8290 7788 | Email : sales@itmonteur.net

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » Updated version of Remexi malware leveraged to spy on foreign diplomats in Iran

Updated version of Remexi malware leveraged to spy on foreign diplomats in Iran

  • The malware boasts a variety of capabilities such as recording keystrokes, taking screenshots of Windows and stealing credentials, logins, and the browser history.
  • Once installed, the malware first connects with the C2 server of hackers in order to receive malicious commands.

An updated version of Remexi malware was used in a cyber-espionage campaign that targeted Iranian IP addresses late last year. The goal of the campaign was to infect systems that belonged to foreign diplomats residing in Iran’s border.

Remexi malware is typically associated with an APT group named Chafer. According to Denis Legezo, a researcher from Kaspersky, the malware’s use in the 2018 campaign suggests that Iranian actors may have executed a domestic operation against these foreign diplomatic entities.

Remexi malware capabilities

Although Remexi originally dates back to at least 2015, the newest module’s was observed by researchers in March 2018.

“The main tool used in this campaign is an updated version of the Remexi malware, publicly reported by Symantec back in 2015. The newest module’s compilation timestamp is March 2018. The developers used GCC compiler on Windows in the MinGW environment,” said Legezo in a blog post.

The malware boasts a variety of capabilities such as recording keystrokes, taking screenshots of Windows, stealing credentials, logons and the browser history and executing remote commands.

Once installed, the malware first connects with the C2 server of hackers in order to receive malicious commands.

“Its C2 is based on IIS using .asp technology to handle the victims’ HTTP requests. All the commands received from the C2 are first saved to an auxiliary file and then stored encrypted in the system registry. The standalone thread will decrypt and execute them,” Legezo explained.

There is no evidence of how the new variant of Remexi spreads. However, in one instance of infection, researcher Legezo was able to establish a connection between Remexi and an AutoIT script compiled as a PE file. Kaspersky believes that this executable may have been used to drop the Remexi malware.

Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

 

 

 

 

 

 

 

 

 

 

 

 

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 95 8290 7788 | Support Number : +91 94 8585 7788
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket