Malware attacks impact Russia

Numerous industrial and government entities across Russia have been subjected to cyberattacks with an information-stealing backdoor since June, with the still-unknown threat actors deploying an updated version of the malware in mid-August, according to BleepingComputer. Phishing emails with a malicious ARJ archive featuring a fraudulent PDF document and an NSIS script have been leveraged by attackers to facilitate the deployment of the malware payload dubbed as "UsrRunVGA.exe," as well as the Netrunner and Dmcserv backdoors on targeted systems, while persistence is being achieved through the installation of malicious executables in a concealed window, a report from Kaspersky revealed. Further analysis revealed that aside from listing folders and files and exfiltrating files, the UsrRunVGA.exe backdoor also enabled the gathering of desktop screenshots and clipboard contents, as well as the scouring of files with different extensions, which are then AES encrypted to bypass detection. More information-stealing features have been added by threat actors in an updated version of the backdoor, which could target more web browsers.