G20 Summits are notorious in the IT security industry for frequently being the target of cyber-criminals. The 2014 G20 Summit, being held this weekend in Brisbane, Australia, is proving to be no exception. This was confirmed when a sample of the Gh0st Remote Access Trojan (RAT), detected as Win32/Farfli, was found in an email targeting advocates of the Tibetan cause. ESET® has analyzed the Trojan in a blog post on WeLiveSecurity.com.
Victims receive an email with the subject ‘Join us at rally for Tibet during the G20 Summit’ that contains an infected document.
“The malicious actor is trying to lure the recipient into opening an infected attachment by using a rally that is being organized by the Australian Tibet Council. In fact, the email text was copied directly from the group’s website,” reads the blog post.
This malware uses the CVE-2014-0158 vulnerability in Microsoft Word and, if it is successful, installs the Gh0st RAT malware on the computer. Once the Gh0st RAT connects to its Command and Control Center, it allows the operator to remotely control the compromised computer.
More about this example of Gh0st RAT is available at WeLiveSecurity.com.