Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Apache Malware Variant Discovered With Links to ‘Sweet Orange Exploit Kit’

Last month SecurityWeek reported about the discovery of a malicious module on Linux that was injecting malicious iFrames into websites. This week, researchers from ESET said they have discovered another Linux-based malware variant, one with links to the Sweet Orange exploit kit.

Last month SecurityWeek reported about the discovery of a malicious module on Linux that was injecting malicious iFrames into websites. This week, researchers from ESET said they have discovered another Linux-based malware variant, one with links to the Sweet Orange exploit kit.

According to ESET, the malicious Apache module is being used to inject malicious content into web pages served by an infected LAMPP deployment. Although this latest Linux-based malware variant can serve practically any type of content, in the cases observed by ESET, it installs a variant of Zbot (Zeus), the infamous malware designed to steal information from online banking customers.

Based on ESET’s analysis, the iFrame injected by the malware (called Linux/Chapro.A by the company) points to a Sweet Orange exploit pack landing page.

“At the time of our analysis, the exploit pack was being hosted in Lithuania. The pack tries to exploit several vulnerabilities found in modern web browsers and plugins,” said Pierre-Marc Bureau, ESET security intelligence program manager.

“The attack described in the present analysis shows the increased complexity of malware attacks. This complicated case spreads across three different countries, targeting users from a fourth one, and making it very hard for law enforcement agencies to investigate and mitigate its effects.”

For now, the malware is only targeting users in Russia, but the concern is that this could change. Moreover, the iFrame injects are transparent on the compromised LAMPP deployment, and unless the server admin is looking for signs of compromise, it’s unlikely they’ll notice.

Additional details are available on ESET’s blog.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.

Cyberwarfare

An engineer recruited by intelligence services reportedly used a water pump to deliver Stuxnet, which reportedly cost $1-2 billion to develop.

Malware & Threats

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.