A new sample of the dreaded Shamoon wiper was uploaded on December 23 to the VirusTotal platform from France. This sample attempts to disguise itself as a system optimization tool developed by Chinese technology company Baidu.
The new variant is signed with a digital certificate from Baidu that was issued on March 25,
This sample was packed using the commercial packing tool Enigma version 4.
In an attempt to deceive victims, the attackers used the internal file name “Baidu PC Faster” and the description “Baidu WiFi Hotspot Setup” for the file.
“The newest Shamoon sample was uploaded from France on December 23, 2018 and utilizes the commercial packing tool Enigma version 4 as a means of obfuscation. As observed in previous Shamoon samples the internal file name invokes a known PC tool, likely as a lure to allay initial user suspicion,” reads the analysis published by Anomali Labs.
Experts speculate that the Shamoon 3 sample was “compiled based on the second version of the codebase”; it has many similarities with Shamoon 2.
(SecurityAffairs – Shamoon 3, hacking)