Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API
Briefly

"The malware uses the legitimate Microsoft Graph API and Outlook mailboxes as a covert command-and-control (C2) channel, allowing it to bypass traditional perimeter network defenses."
"Harvester was first publicly documented by Symantec in late 2021, linking it to an information-stealing campaign aimed at telecommunications, government, and information technology sectors in South Asia since June 2021."
"The attacks employ social engineering to trick victims into opening ELF binaries disguised as PDF documents. The dropper then proceeds to display a lure document while stealthily running the backdoor."
"Like its Windows counterpart, the Linux version of GoGra abuses Microsoft's cloud infrastructure to contact a specific Outlook mailbox folder named 'Zomato Pizza' every two seconds using Open Data Protocol (OData) queries."
Harvester has introduced a Linux variant of its GoGra backdoor, targeting South Asian entities. This malware utilizes the Microsoft Graph API and Outlook mailboxes for command-and-control, evading traditional defenses. Artifacts linked to the malware were found in India and Afghanistan, indicating potential espionage targets. The group has been active since 2021, initially focusing on telecommunications and government sectors. The Linux version employs social engineering tactics to disguise ELF binaries as PDFs, executing commands upon receiving specific emails.
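The C2 pattern quoted above (a Linux host polling one Outlook mail folder through Microsoft Graph every two seconds with OData `$filter` queries) leaves a regular beat in egress proxy logs; the detection below is an added example written for this summary, not code from the article or from the GoGra analysis. It assumes a hypothetical four-field proxy log (timestamp, client IP, method, URL), a placeholder folder id, and thresholds chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Hypothetical proxy log format: "<ISO timestamp> <client ip> <method> <url>".
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")
# Graph mail-folder listing with an OData $filter, the shape of query the backdoor issues.
MAIL_POLL_RE = re.compile(
    r"^https://graph\.microsoft\.com/v1\.0/.*/mailFolders/[^/]+/messages\?.*\$filter=", re.I)

# Constructed sample: 10.1.2.3 polls one folder every 2 s (FOLDERID is a placeholder);
# 10.1.2.9 is an ordinary client that checks a folder twice, ten minutes apart.
SAMPLE_LOG = """\
2024-08-05T10:00:00Z 10.1.2.3 GET https://graph.microsoft.com/v1.0/me/mailFolders/FOLDERID/messages?$filter=isRead%20eq%20false
2024-08-05T10:00:02Z 10.1.2.3 GET https://graph.microsoft.com/v1.0/me/mailFolders/FOLDERID/messages?$filter=isRead%20eq%20false
2024-08-05T10:00:04Z 10.1.2.3 GET https://graph.microsoft.com/v1.0/me/mailFolders/FOLDERID/messages?$filter=isRead%20eq%20false
2024-08-05T10:00:06Z 10.1.2.3 GET https://graph.microsoft.com/v1.0/me/mailFolders/FOLDERID/messages?$filter=isRead%20eq%20false
2024-08-05T10:00:08Z 10.1.2.3 GET https://graph.microsoft.com/v1.0/me/mailFolders/FOLDERID/messages?$filter=isRead%20eq%20false
2024-08-05T10:00:10Z 10.1.2.3 GET https://graph.microsoft.com/v1.0/me/mailFolders/FOLDERID/messages?$filter=isRead%20eq%20false
2024-08-05T10:00:00Z 10.1.2.9 GET https://graph.microsoft.com/v1.0/me/mailFolders/inbox/messages?$filter=isRead%20eq%20false
2024-08-05T10:10:00Z 10.1.2.9 GET https://graph.microsoft.com/v1.0/me/mailFolders/inbox/messages?$filter=isRead%20eq%20false
"""

def parse_log(text):
    """Yield (timestamp, client, method, url) tuples, skipping malformed lines."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, client, method, url = m.groups()
            yield datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), client, method, url

def find_mailbox_pollers(text, min_requests=5, max_median_interval=5.0):
    """Return {client: stats} for clients whose Graph mail-folder polling is tight and sustained.
    Thresholds are illustrative; tune min_requests/max_median_interval to your environment."""
    per_client = defaultdict(list)
    for ts, client, method, url in parse_log(text):
        if method == "GET" and MAIL_POLL_RE.match(url):
            per_client[client].append(ts)
    flagged = {}
    for client, stamps in per_client.items():
        if len(stamps) < min_requests:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        med = median(gaps)
        if med <= max_median_interval:
            flagged[client] = {"requests": len(stamps), "median_interval_s": med}
    return flagged

if __name__ == "__main__":
    print(find_mailbox_pollers(SAMPLE_LOG))
```

A legitimate mail client also lists folders, so the signal is the combination of a fixed folder, a repeated `$filter` query and a near-constant interval from one host, not any single request.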
Read at The Hacker News