PH Becomes New Target of Cyberespionage Malware

According to cybersecurity experts from Kaspersky, Southeast Asian users are now being targeted by wide-scale cyberespionage malware. The Philippines, in particular, is the most at risk from this current risk.

Over 1,400 users in the Philippines have fallen victim to this advanced persistent threat (APT) campaign, with some of the targets being entities connected to the government. APT campaigns are regarded to be highly targeted operations, only targeting a few dozen victims at a time.

The malware is known as LuminousMoth, which has been conducting similar attacks since October 2020. However, the threat was mostly focused on Myanmar and has since shifted to the country.

Initial infection happens through spear-phishing emails where a user will receive an email that contains a malicious Dropbox link. Upon clicking the attachment, a RAR archive will be downloaded onto the individual’s device cloaked as a simple word document.

It will then attempt to infect other users through USB drives. If a removable drive is connected to an infected device, the malware will move the victim’s files into a hidden directory on the drive along with the malicious executables.

LuminousMoth has been likened to HoneyMyte, a Chinese-speaking threat group that gathers geopolitical and economic intelligence in the regions of Asia and Africa.

“The massive scale of the attack is quite rare. It’s also interesting that we’ve seen far more attacks in the Philippines than in Myanmar,” explained Senior Security Researcher Mark Lechtik from the Global Research and Analysis Team (GReAT).

“This could be due to the use of USB drives as a spreading mechanism or there could be yet another infection vector that we’re not yet aware of being used in the Philippines,” elaborated Aseel Kayal, also a GReAT Security Researcher.

Source: Manila Bulletin