Experts warn orgs about a new modular spyware backdoor

October 14, 2022

A new backdoor called AdvancedIPSpyware has infected over 80 organisations worldwide, aiming to inject spyware into the targeted servers. The operators of this backdoor have imitated a legitimate network scanning tool called Advanced IP Scanner, which network admins use to monitor companies’ networks.

Because Advanced IP Scanner is widely used by companies, threat actors have created a malicious version with a hidden spyware backdoor that, once injected, could give them a passage into the victims’ networks.

 

The operators of the spyware backdoor have hosted it on two malicious websites that look identical to the official site hosting the download of the legitimate Advanced IP Scanner.

 

According to the researchers, the malicious software is hosted on sites created through typo-squatted domains. These sites imitate the real Advanced IP Scanner website to convince victims that they are authentic, and the malicious software itself is signed with a genuine certificate.

The researchers also attempted to identify the exact organisations that used the spyware-infected version of Advanced IP Scanner. However, its anonymisation feature prevented them from doing so. Nonetheless, they found that the malicious backdoor spyware has infected over 80 companies worldwide, in regions including Africa, South Asia, Western Europe, Latin America, and the CIS.

While the modular architecture of the spyware backdoor led researchers to presume that a nation-backed group created it, the spread of targeted companies across several countries implies that the campaign is not politically motivated.

Moreover, the researchers described the three modules that make up the malicious software: a main module that updates and deletes the spyware while creating new copies of itself; a command execution module with spyware-related features; and a network communication module that manages network-related activities.

The experts are also concerned about the use of a modular architecture in the malicious tool, since it shows how its authors are innovating their attack tactics. Organisations might easily fall victim to these malicious lures. Still, with the right cybersecurity knowledge and appropriate security measures in place, companies could avoid becoming targets.
