Tech News

DoNot Haker’s Malware Toolkit Received an Update With Improved Capabilities

By Abdul Wahab
DoNot Haker’s Malware Toolkit Received an Update With Improved Capabilities

The DoNot Team threat actor has been busy revamping their malware toolkit to do more. These improvements, according to Morphisec researchers Arnold Osipov and Hido Cohen, include a new infection chain that will be able to incorporate previous undocumented components into the modular framework. 

The DoNot Team, also known as Viceroy Tiger and APT-C-35, often targets defense, government, diplomatic and military entities in India, Sri Lanka, Pakistan, and Bangladesh and has been active since 2016. The evidence of the attacks was found in October 2021 by Amnesty International, which connected the attack infrastructure to Innefu Labs, an Indian cybersecurity company. 

These spear-phishing campaigns often contained malicious Microsoft Office documents used as delivery pathways for malware. They also took advantage of macros and other vulnerabilities in Microsoft Office documents to launch the backdoor. 

Morphisec’s latest findings build on reports done by ESET, which explain the intrusions done by the threat actor against military organizations based in South Asia. They did so by using several versions of their yty malware framework, and one of these included Jaca.

This means that RTF documents were used to trick the users into enabling macros. As a result, there was an execution of a piece of shellcode injected into memory. This, in turn, showed a second-stage shellcode to be downloaded from its command-and-control (C2) server. 

The second stage allows the retrieval of a DLL file from a remote server that starts the infection. A researcher noted that this stage enables the modules to be downloaded and executed so that they can steal information. 

These modules can harvest information in various ways, including keystrokes, files, data stored in web browsers, screenshots, etc. The toolset also includes a reverse shell module that allows the actor remote access to the victim’s machine. Therefore, it shows the threat actors developing their tactics to make them more effective. 

Read also:

Related posts:

The New OnePlus 11 May Have a Premium Ceramic Body With 16GB RAM
Nvidia Leak Suggests a More Powerful GeForce RTX 4080 to Release in 2024
Overwatch 2 Producer Hints at Major Console Improvements 
Motorola’s Moto G Power 5G Packs a Lot for Just $300

By Abdul Wahab

Abdul Wahab is a Software Engineer by profession and a Tech geek by nature. Having been associated with the tech industry for the last five years, he has covered a wide range of Tech topics and produced well-researched and engaging content. You will mostly find him reviewing tech products and writing blog posts. Binge-watching tech reviews and endlessly reading tech blogs are his favorite hobbies.

Related Post

Tech News

New X-Men Skins May Be in Store for Fortnite

Abdul Wahab
Tech News

Hogwarts Legacy Sidequest May Hint at a Possible Sequel

Bethany Wilson
Tech News

Infection Free Zone is Gaining Traction

Bethany Wilson

You Missed

Reviews

Host4Geeks Review

Latest Articles

5 Best eGPUs – Add Graphics Power to Your Laptop

Reviews

AzireVPN Review

How-tos & Tutorials

How to Uninstall NordVPN on Windows

Show Buttons
Hide Buttons