Researchers have caught a new malware campaign in the wild that deploys a novel Rust-based malware to Azerbaijan targets. While not linked to a known threat actor group, the campaign still includes some false flags, possibly to hide the actual threat actors behind it.
New Rust Malware Targets Azerbaijan Users
According to a recent post from the Deep Instinct Threat Lab, their researchers have found a new malware campaign with a particular victim list.
Analyzing the malware revealed that it is a novel threat written in the Rust programming language and specifically targets Azerbaijan users.
In brief, the attack begins with a .lnk file that poses as an image file by carrying “.jpg” in the file name. Here again, the attackers leverage the default setting of most operating systems to hide known file name extensions, so that potential victims see only “.jpg” in the file name and click on it, taking it for an image.
In the sample the researchers analyzed, this file possessed the name “1.KARABAKH.jpg.lnk,” possibly hinting at the attackers’ attempt to exploit the recent political situation to lure victims into clicking the file.
Once done, the malicious file drops an MSI installer that implants a Rust-based malware alongside a decoy image file and an XML file for executing the implant.
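The lure described above works because Explorer hides only the last extension, so “1.KARABAKH.jpg.lnk” is displayed as “1.KARABAKH.jpg”. The following is an added example, not code from the report or from Deep Instinct, showing how a defender can flag such double-extension names in a mail-gateway or download log. The log format and the user names are constructed for the example; the .lnk file name is the one cited in the article.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Inner extensions that make a name look like a harmless document or image.
LURE_INNER_EXTENSIONS = {
    "jpg", "jpeg", "png", "gif", "bmp", "pdf", "doc", "docx", "xls", "xlsx", "txt",
}
# Outer extensions that Windows executes on double-click while Explorer hides them.
EXECUTABLE_OUTER_EXTENSIONS = {
    "lnk", "exe", "scr", "msi", "js", "jse", "vbs", "bat", "cmd", "ps1", "hta",
}


@dataclass
class Finding:
    filename: str        # the real name on disk / in the attachment header
    displayed_name: str  # what a user sees with "hide known extensions" enabled
    reason: str


def displayed_name_with_hidden_extensions(filename: str) -> str:
    """Mimic Explorer's default: strip only the final extension."""
    base, sep, ext = filename.rpartition(".")
    return base if sep and base and ext else filename


def check_filename(filename: str) -> Optional[Finding]:
    """Return a Finding when an executable extension hides behind a lure extension."""
    parts = filename.lower().split(".")
    if len(parts) < 3:          # need at least name.inner.outer
        return None
    inner, outer = parts[-2], parts[-1]
    if outer in EXECUTABLE_OUTER_EXTENSIONS and inner in LURE_INNER_EXTENSIONS:
        return Finding(
            filename=filename,
            displayed_name=displayed_name_with_hidden_extensions(filename),
            reason=f"'.{outer}' executable disguised as '.{inner}'",
        )
    return None


# Constructed log format (assumption for this example): one attachment per line.
LOG_LINE = re.compile(r"^\S+\s+user=(?P<user>\S+)\s+attachment=(?P<name>\S+)$")


def scan_attachment_log(lines: List[str]) -> List[Finding]:
    """Run check_filename over every parsable log line and collect the hits."""
    findings: List[Finding] = []
    for line in lines:
        match = LOG_LINE.match(line.strip())
        if not match:
            continue  # skip malformed or unrelated lines rather than failing
        finding = check_filename(match.group("name"))
        if finding:
            findings.append(finding)
    return findings


# Constructed sample log lines; only the .lnk name comes from the article.
SAMPLE_LOG = [
    "2023-10-25T09:14:02Z user=alice attachment=holiday.jpg",
    "2023-10-25T09:15:47Z user=bob attachment=1.KARABAKH.jpg.lnk",
    "2023-10-25T09:16:10Z user=carol attachment=budget.xlsx",
    "2023-10-25T09:17:33Z user=dave attachment=invoice.pdf.exe",
    "garbage line that does not match the format",
]

if __name__ == "__main__":
    for f in scan_attachment_log(SAMPLE_LOG):
        print(f"{f.filename!r} shown as {f.displayed_name!r}: {f.reason}")
```

The scan only uses the file name, so it is a cheap first-pass filter rather than a verdict; a matching name should route the file to sandboxing or block the .lnk type outright at the gateway. The corresponding endpoint hardening is to make Explorer show known extensions (the HideFileExt value under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced set to 0), which removes the disguise the lure depends on.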
According to the researchers, the new malware is written in Rust, a language attackers increasingly favor because Rust binaries are harder to reverse engineer. The malware gathers system information from the target and transmits it to the attackers’ server, while checking for sandbox and analysis environments to avoid running under inspection.
Threat Actors’ Identity Remains Unclear
The researchers could not link the malicious campaign to a known threat actor. However, they did observe that this campaign reuses a modified version of a document previously used by the Storm-0978 group. Nonetheless, they consider this a deliberate “false flag,” and also raise the possibility that the entire activity is a red team exercise.
Whatever the case, this new malware underscores the need to avoid interacting with unsolicited files and attachments.
Let us know your thoughts in the comments.