Malware researchers have reported the rise of a new form of malware that is specifically targeting government organizations, universities and high-profile private companies, in what appears to be the first major ransomware attack of 2018. The malware, which the experts of Comodo Group Inc. have named "Lebal", has been detected in 23 private companies, 5 universities and several government organizations. It is classed as a sophisticated type of malware that can damage systems. Lebal uses a block chain management system to bypass technical security means and to deceive people.
The infection vector of the Lebal attacks is described as specifically targeted ransomware attacks. The campaign differs from previous attacks because it is camouflaged behind several layers of email-based infection. The attackers' first attempt used a phishing email carrying an attachment disguised as coming from Federal Express; the second attempt came through a malicious link pretending to lead to Google Drive. When a user clicks the link, the intruders can steal sensitive or confidential data from web browsers, including cookies and credentials, and they also search for information about email and instant messaging clients. In addition, Lebal can extract stored credentials from FTP clients such as WinSCP or FileZilla and tries to locate and access cryptocurrency wallets such as Bitcoin or Electrum. According to the security researchers, "it takes whatever it can extract" from the victim's machine.
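The two lures described above (a courier-themed attachment, then a link whose text promises Google Drive but whose target is somewhere else) are exactly the kind of mismatch a mail-gateway triage rule can catch before a user clicks. The following is an added example, not code from Comodo or from the report; the sample messages are constructed, and the allow-list of legitimate sending domains per brand is an illustrative assumption, not an exhaustive one.

```python
"""Heuristic triage of inbound mail for brand/sender, link-text/target and
attachment-name mismatches. Added example; sample messages are constructed."""
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: impersonated brand -> registered domains that legitimately send for it.
BRAND_DOMAINS = {
    "fedex": {"fedex.com"},
    "google drive": {"google.com"},
}
EXECUTABLE_EXTS = {".exe", ".scr", ".js", ".vbs", ".jar", ".bat", ".cmd", ".ps1"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}
HREF_RE = re.compile(r'<a[^>]+href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def registered_domain(host):
    """Crude eTLD+1 (last two labels); sufficient for this example, not for production."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def triage(msg):
    """Return a list of (rule, detail) findings for one message dict with the
    keys 'from', 'subject', 'html' and 'attachments' (list of filenames)."""
    findings = []

    # 1. Display name / subject claims a brand, but the sender domain is not that brand's.
    display, addr = parseaddr(msg.get("from", ""))
    sender_dom = registered_domain(addr.rsplit("@", 1)[-1]) if "@" in addr else ""
    claimed = f"{display} {msg.get('subject', '')}".lower()
    for brand, legit in BRAND_DOMAINS.items():
        if brand in claimed and sender_dom not in legit:
            findings.append(("brand-sender-mismatch", f"{brand} claimed, sent from {sender_dom}"))

    # 2. Anchor text shows one destination (a URL or a brand name) while href goes elsewhere.
    for href, text in HREF_RE.findall(msg.get("html", "")):
        href_dom = registered_domain(urlparse(href).hostname or "")
        text_l = re.sub(r"<[^>]+>", "", text).strip().lower()
        if text_l.startswith(("http://", "https://")):
            shown_dom = registered_domain(urlparse(text_l).hostname or "")
            if shown_dom != href_dom:
                findings.append(("link-text-mismatch", f"shows {shown_dom}, goes to {href_dom}"))
        else:
            for brand, legit in BRAND_DOMAINS.items():
                if brand in text_l and href_dom not in legit:
                    findings.append(("link-text-mismatch", f"{brand} link goes to {href_dom}"))

    # 3. Attachment is directly executable, or hides an executable behind a document extension.
    for name in msg.get("attachments", []):
        parts = name.lower().split(".")
        if len(parts) > 1 and "." + parts[-1] in EXECUTABLE_EXTS:
            findings.append(("executable-attachment", name))
        if len(parts) > 2 and "." + parts[-2] in DOCUMENT_EXTS:
            findings.append(("double-extension", name))
    return findings


# Constructed sample messages modelled on the two lures described in the text.
SAMPLES = [
    {   # stage one: courier-themed lure with an executable behind a .pdf name
        "from": "FedEx Delivery <notice@fedex-tracking-example.net>",
        "subject": "FedEx shipment notification",
        "html": "<p>Your shipping label is attached.</p>",
        "attachments": ["FedEx_Label_8821.pdf.exe"],
    },
    {   # stage two: link text says Google Drive, href points at an unrelated domain
        "from": "Google Drive <drive-shares-noreply@google.com>",
        "subject": "A document was shared with you",
        "html": '<p>Open it: <a href="http://drive-google-share-example.biz/doc/1">'
                'https://drive.google.com/file/d/1abc</a></p>',
        "attachments": [],
    },
    {   # benign control message
        "from": "Alice <alice@example.org>",
        "subject": "Lunch menu",
        "html": '<a href="https://example.org/menu">menu</a>',
        "attachments": ["menu.pdf"],
    },
]

if __name__ == "__main__":
    for i, m in enumerate(SAMPLES):
        print(i, triage(m))
```

Each rule is deliberately narrow and explainable, so an analyst can see why a message was held rather than trusting an opaque score; in a real gateway the brand allow-list would come from the organisation's own vendor and SaaS inventory.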
Lebal does not stop there. The malware also tries to shut down the operating system's defenses, in addition to hiding from anti-malware tools in several sophisticated ways, which makes it more dangerous than other forms of malware. The attack, which targeted 30 mail servers, was sent from an IP address in Sao Paulo, Brazil, with 328 phishing emails sent on 8th January. That the emails came from Brazil says little about where the attackers are based, since it would be extremely easy for them to hijack a machine remotely and use it to distribute the malware.
Comodo Threat Research Labs advises enterprise users to be aware that attackers can use this malware against them, and to take proper action to secure their networks against unauthorized access such as Lebal.