
Hackers From Pakistan Use Linux Malware Poseidon To Target Indian Government Agencies

The Pakistan-based advanced persistent threat (APT) actor better known as Transparent Tribe used a two-factor authentication (2FA) tool relied on by Indian government agencies as a lure to deliver a new Linux backdoor called “Poseidon”.

Poseidon gives its operators a broad set of capabilities on an infected host, including keylogging, file access, screen capture, and remote administrative control.

It is a second-stage payload, delivered by a fake version of Kavach, the two-factor authentication app that Indian government agencies use to provide secure access to their email services.

Tejaswini Sandapolla of Uptycs stated in a technical report that “Poseidon is a second-stage payload malware associated with Transparent Tribe”.


Sandapolla also stated that “it is a general-purpose backdoor that provides attackers with a wide range of capabilities to hijack an infected host. Its functionalities include logging keystrokes, taking screen captures, uploading and downloading files, and remotely administering the system in various ways”.

Transparent Tribe is also tracked as APT36, Operation C-Major, Mythic Leopard, and PROJECTM.

It has a track record of targeting Indian government organizations, military personnel, defense contractors, and educational entities.

It has repeatedly used trojanized versions of Kavach, the 2FA software that the Indian government mandates, to spread a variety of malware, including Crimson RAT and LimePad, in order to harvest sensitive data.

Last year, another phishing campaign used weaponized attachments to download malware designed to exfiltrate database files created by the Kavach app.


The most recent attacks target Linux users employed by Indian government organizations with a backdoored version of Kavach, which shows an effort by the threat actor to broaden its reach beyond the Windows and Android ecosystems.

According to Sandapolla, “When a user interacts with the malicious version of Kavach, the genuine login page is displayed to distract them. Meanwhile, the payload is downloaded in the background, compromising the user’s system”.

The starting point of the infection is an ELF malware sample, a compiled Python executable engineered to retrieve the second-stage Poseidon payload from a remote server.
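A first-responder triage check for that kind of first stage, added here as an example that is not code from the article or from Uptycs. It assumes the compiled Python ELF was packed with PyInstaller (the article does not name the packer) and verifies two things offline: that the file carries an ELF header, and that it contains the CArchive cookie PyInstaller writes into every bundle. The sample input is constructed inline and is not a real binary.

```python
"""Triage a suspected PyInstaller-compiled ELF stager (added example, not Uptycs code)."""
import struct

ELF_MAGIC = b"\x7fELF"
# 8-byte magic at the start of PyInstaller's CArchive cookie
# (PyInstaller source constant: b'MEI\014\013\012\013\016').
PYI_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
# Cookie layout used by PyInstaller 2.1 and later: magic, package length,
# TOC offset, TOC length, Python version, name of the bundled libpython.
PYI_COOKIE_FMT = "!8sIIIi64s"
PYI_COOKIE_SIZE = struct.calcsize(PYI_COOKIE_FMT)  # 88 bytes


def elf_ident(data: bytes):
    """Return (class, endianness) from e_ident, or None if the blob is not an ELF."""
    if len(data) < 16 or data[:4] != ELF_MAGIC:
        return None
    ei_class = {1: "ELF32", 2: "ELF64"}.get(data[4], "unknown")
    ei_data = {1: "LSB", 2: "MSB"}.get(data[5], "unknown")
    return ei_class, ei_data


def parse_pyinstaller_cookie(data: bytes):
    """Locate and decode the PyInstaller cookie; return None if it is absent."""
    off = data.rfind(PYI_MAGIC)
    if off < 0 or off + PYI_COOKIE_SIZE > len(data):
        return None
    _magic, pkg_len, toc_off, toc_len, pyver, pylib = struct.unpack_from(
        PYI_COOKIE_FMT, data, off
    )
    # pyver is major*100+minor in current releases and major*10+minor in old ones
    # (the same heuristic pyinstxtractor applies).
    if pyver >= 100:
        major, minor = divmod(pyver, 100)
    else:
        major, minor = divmod(pyver, 10)
    return {
        "cookie_offset": off,
        "package_length": pkg_len,
        "toc_offset": toc_off,
        "toc_length": toc_len,
        "python_version": f"{major}.{minor}",
        "pylib": pylib.rstrip(b"\x00").decode("ascii", "replace"),
    }


def triage(data: bytes) -> dict:
    """Classify a blob: is it an ELF, and does it carry a PyInstaller bundle?"""
    ident = elf_ident(data)
    cookie = parse_pyinstaller_cookie(data)
    return {
        "is_elf": ident is not None,
        "elf_ident": ident,
        "is_pyinstaller": cookie is not None,
        "cookie": cookie,
        # An ELF that is really a PyInstaller bundle matches the profile the
        # article gives for the first-stage downloader; escalate it for unpacking.
        "suspect_python_stager": ident is not None and cookie is not None,
    }


def build_fake_sample(python_version=(3, 8), pylib=b"libpython3.8.so.1.0") -> bytes:
    """Constructed input: an ELF64 LSB e_ident, filler, and a valid cookie.
    It is not a real program and will not execute; it only exercises the checks."""
    e_ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + b"\x00" * 8
    body = e_ident + b"\x00" * 48 + b"PYZ-00.pyz" + b"\x00" * 16
    pyver = python_version[0] * 100 + python_version[1]
    cookie = struct.pack(
        PYI_COOKIE_FMT, PYI_MAGIC, len(body) + PYI_COOKIE_SIZE, 64, 32, pyver, pylib
    )
    return body + cookie


if __name__ == "__main__":
    print(triage(build_fake_sample()))
```

On a real sample the cookie's TOC offset and length point at the table of embedded files, which is what tools such as pyinstxtractor walk to recover the `.pyc` modules for decompilation; the check above only establishes that the bundle is there so the file can be routed to that step.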

The security company observed that rogue websites posing as official Indian government sites are the primary means by which the fake Kavach apps are distributed.

These websites include ksboard[.]in and www.rodra[.]in.

Since social engineering is Transparent Tribe's primary attack vector, users working for the Indian government should verify the URLs they receive in emails before opening them.

Sandapolla said, “Repercussions of this APT36 attack could be significant, leading to loss of sensitive information, financial losses, compromised systems, and reputational damage”.




Published by Senoria Khursheed