Trojan Delilah Recruits Malicious Insiders Via Extortion
Organizations have been warned of a rise in insider threats after a new trojan was revealed which is specifically designed to gather information on targeted victims so that malware authors can blackmail them into doing their will.
Threat intelligence firm Diskin Advanced Technologies (DAT) discovered the new malware – dubbed “Delilah” presumably in reference to the biblical character – on the cybercrime underground, but shared among closed hacker groups.
It’s delivered to victims who visit and attempt downloads from certain adult and gaming sites, according to Gartner distinguished analyst, Avivah Litan.
After installation it apparently gathers personal information on the targeted victim including info about their family and workplace. A plug-in is also available which enables the hacker to remotely switch on the victim’s webcam and record them.
With this information the hacker can then manipulate the victim into doing their bidding.
“Also according to DAT, instructions to victims usually involve usage of VPN services, TOR and comprehensive deletion of browser history (probably to remove audit trails),” Litan explained in a blog post.
“These bots still require a high level of human involvement to identify and prioritize individuals who can be extorted into operating as insiders at desirable target organizations. Criminals who want to use the bot can also acquire managed social engineering and fraudster services to help them out, in case they lack those specific skills.”
It’s clear the trojan isn’t yet the finished article, apparently producing error messages when the webcam spying function is used and causing the screen to freeze.
Litan argued that more data on VPN and TOR activity is needed to better understand the nature of the threat and added that IT security teams should lock down risk by blocking certain risky sites.
“With Trojans like Delilah, organizations should expect insider recruitment to escalate further and more rapidly,” she concluded. “This will only add to the volume of insider threats caused by disgruntled employees selling their services on the Dark Web in order to harm their employers.”
Research from Kaspersky Lab in November 2015 claimed that nearly three in four firms have suffered an insider threat incident, with employees (42%) the largest single cause of data loss.
Source: Information Security Magazine