Last year on December 24, 2015, a potential online target was identified which was delivered via an email to a high profile Indian diplomat, an Ambassador to Afghanistan. The email was spoofed and crafted as if it was sent by the current defence minister of India, Mr. Manohar Parikar. The mail commended the Ambassador to Afghanistan on his contributions and success.
Looking at the recent Political interests of India in building and funding Afghanistan’s infrastructure and economic development, it is possible that some groups are interested in tracking and spying on the key political individuals.
Some of the economic interests which have been taken by India in Afghanistan are setting up iron ore mines, steel plants, power plants and transportation systems, helping reconstruct the Salma Dam and constructing a new Parliament Complex for the Afghan Government.
Here is how the email which was a Trojan was supposed to work:The Rich Text format downloads an executable from newsumbrella[.]net.The executable downloaded file is executed on the Victim’s machineThe executable ‘file.exe‘ is a downloader which is used to call out to a server with the IP ‘220.127.116.11‘ and downloads the main Rover malware along with plugins used by the Rover malware.Rover malware and plugins are downloaded and installed on the victim machine.Data exfiltrated from the victim’s machine.Researchers are relating it to the OpenCV technology. It is interesting to know that the OpenCV has been extensively used by organizations and research groups for real-time capture, image manipulation, object detection and many other uses in new forms of human-computer interaction, security systems, driver-less cars among many others. OpenCV was also used by the Mars Rovers to send captured data back to Earth.
It is interesting to see that the very code used in Mars Rovers are also being used to track and spy on individuals being targeted and which can remain undetected by traditional security systems.
Get Learn to Code 2016 Bundle here.