DevOpt is a newly discovered multifunctional backdoor that combines several capabilities in one tool: a keylogger, a credential stealer, a file grabber and a clipboard clipper. This breadth of functionality implies that its developers have been continually improving the malicious tool.
DevOpt has various abilities that could allow its operators to execute different forms of malicious campaigns.
The DevOpt malware is a versatile tool that can run several different attack processes. Researchers confirmed four capabilities that the malware offers its operators.
The first ability is a clipper. Once DevOpt is running on a compromised device, it monitors the clipboard and records the data placed there. The contents of the clipboard are written to a local file named clippa[.]dan.
The second ability is a stealer. The tool can steal sensitive data such as cookies, browsing history, login credentials and browser version information from the Yandex and Chrome browsers. The malware stores this data in files called cdck[.]bin and bdck[.]bin.
Next is the keylogger function. The malware records all of the user's keystrokes and saves them in a file named Kebba[.]dan.
The last ability of the DevOpt malware is a grabber. It allows the threat actors to collect various documents, such as Excel spreadsheets, Word documents, text files and RTF files, from the Downloads, Documents and Desktop directories. The malware then saves these documents in a file named grb[.]bin.
The malware's developers distribute it through fake websites combined with social engineering. A specific Russian website offers users rewards for completing particular tasks, and one of those tasks involves downloading the malware, which impersonates an archive file. Once a user double-clicks the supposed archive to open it, the malware executes.
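The on-disk artifact names listed above and the archive-lookalike lure give a defender two simple hunting heuristics. The following Python example, added here and not part of the original article or any vendor tooling, walks a directory tree and flags (a) files whose names match the DevOpt artifacts and (b) files carrying an archive extension whose header bytes are not an archive signature (the assumption being that the lure is an executable renamed to look like an archive; the article does not state the archive type, so the extension list is an assumption). The sample tree is constructed inline.

```python
import os
import tempfile

# Artifact file names the article attributes to each DevOpt capability.
DEVOPT_ARTIFACTS = {
    "clippa.dan": "clipper",
    "cdck.bin": "stealer",
    "bdck.bin": "stealer",
    "kebba.dan": "keylogger",
    "grb.bin": "grabber",
}

# Assumed archive formats a lure might claim to be, with their magic bytes.
ARCHIVE_MAGIC = {".zip": b"PK\x03\x04", ".rar": b"Rar!\x1a\x07"}
PE_MAGIC = b"MZ"  # DOS/PE executable header


def classify_file(path):
    """Return (path, reason) if the file looks suspicious, else None."""
    name = os.path.basename(path).lower()
    if name in DEVOPT_ARTIFACTS:
        return (path, "devopt-artifact:" + DEVOPT_ARTIFACTS[name])
    ext = os.path.splitext(name)[1]
    if ext in ARCHIVE_MAGIC:
        with open(path, "rb") as fh:
            head = fh.read(8)
        if not head.startswith(ARCHIVE_MAGIC[ext]):
            kind = "pe-executable" if head.startswith(PE_MAGIC) else "unknown"
            return (path, "archive-extension-mismatch:" + kind)
    return None


def hunt(root):
    """Walk a directory tree and collect every finding, sorted by path."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            hit = classify_file(os.path.join(dirpath, fn))
            if hit:
                findings.append(hit)
    return sorted(findings)


def demo():
    """Build a constructed sample tree (not real samples) and hunt it."""
    root = tempfile.mkdtemp()
    samples = {
        "Downloads/report.zip": b"PK\x03\x04" + b"\x00" * 16,  # genuine zip header
        "Downloads/bonus.zip": b"MZ\x90\x00" + b"\x00" * 16,   # PE bytes behind a .zip name
        "AppData/clippa.dan": b"clipboard text",
        "AppData/grb.bin": b"\x00" * 4,
        "Documents/notes.txt": b"hello",
    }
    for rel, data in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    return [(os.path.relpath(p, root).replace(os.sep, "/"), r) for p, r in hunt(root)]
```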
Cybersecurity experts note that multifunctional malware has become a growing trend. Organisations should therefore keep their defensive controls up to date and employ a multi-layered defence architecture to adapt to the rapidly evolving threat ecosystem.