ESET researcher analyzes Casper, the latest espionage malware by a cybercrime group responsible for Babar and Bunny.
The espionage group behind the infamous eavesdropping cartoon malware strikes again. After Bunny and Babar the Elephant, the cyber criminals have developed their latest piece of malware – Casper. This first-stage reconnaissance tool is able to send a detailed report about the victim’s infected machine to its controller.
Casper was first detected in mid-April 2014, when it infected a few victims in Syria. To pull this off, the attackers used 0-day exploits against the Flash application, taking advantage of the CVE-2014-0515 vulnerability. The information collected helped the cyber criminals learn the details of the infected machine in order to decide on the next steps − all without being noticed.
“Interestingly, these exploits were hosted on a website belonging to the Syrian Justice Ministry, jpic.gov.sy. This website was created by the Syrian government to allow Syrian citizens to send in complaints. It is still up, but it has been cleaned. Moreover, the Casper controller itself was also hosted on this website, and there were plugins deployed which are executed on the machine,” explains Joan Calvet, Malware Researcher at ESET.
Based on observation and analysis of the malware, ESET researchers were able to confirm that the code matches that used in the Babar and Bunny malware. But Casper has gone a step further, adapting its strategy depending on which antivirus runs on the target machine. That is why practically no anti-virus or internet security software was able to detect it, except ESET LiveGrid®. Despite its sophistication, the malware was used to target only a very few people, all located in Syria.
The malware directly targets visitors of the Syrian Justice Ministry website, but also those arriving from other locations. “This level of code sharing leads us to conclude with a pretty high confidence that Bunny, Babar and Casper were all developed by the same organization,” adds Calvet.
Read more about ‘Casper: After Babar and Bunny, Another Espionage Cartoon’ in a detailed analysis by the ESET research team on WeLiveSecurity.com.
About ESET

Since 1987, ESET® has been developing award-winning security software that now helps over 100 million users to Enjoy Safer Technology. Its broad security product portfolio covers popular platforms and provides businesses and consumers around the world with the perfect balance of performance and proactive protection. The company has a global sales network covering 180 countries, and regional offices in Bratislava, San Diego, Singapore and Buenos Aires. For more information visit www.eset.com or follow us on LinkedIn, Facebook and Twitter.