New BlueShell malware targets Korea and Thailand

October 3, 2023
BlueShell Malware Korea Thailand Cybercrime Asia

A newly discovered cybercriminal campaign that uses the latest variant of the BlueShell malware has emerged in the wild. This re-emerged malware can target several operating systems, including Linux, Windows, and macOS. The operators of this campaign currently target South Korea and Thailand.

The BlueShell malware has been circulating in the cybercriminal landscape since 2020. Its developers wrote it in the Go programming language. In addition, BlueShell can use TLS encryption for its communications with its command-and-control (C2) server, which hides the content of that traffic and makes it harder to detect.

New analysis showed that the malware has three important configuration parameters: its C2 server’s IP address, its port number, and a specified waiting time. The initial investigation of the malware suggested that it could come from a Chinese-speaking threat group called Dalbit. The group is notorious for targeting vulnerable servers to harvest critical information.
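A C2 address, a port and a fixed waiting time are the classic ingredients of periodic beaconing, and that regularity is something a defender can look for even when the payload is wrapped in TLS. The script below is an added example written for this article, not code from the researchers or from the malware itself. It assumes the waiting time is a sleep between C2 check-ins, uses a constructed connection log with placeholder addresses (no indicators from the article), and flags any client-to-server TLS flow whose inter-connection gaps are almost constant.

```python
"""Flag near-constant-interval TLS connections in a connection log.

Added example, not part of the original article. The log format
(epoch_seconds src dst dport proto) and all addresses are constructed;
203.0.113.10 and 198.51.100.7 are documentation-range placeholders.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: one host checks in every 60 s to a single IP:port over
# TLS (beacon-like), and also talks to a second server at irregular times.
SAMPLE_LOG = """\
1696300000 10.0.0.5 203.0.113.10 443 tls
1696300060 10.0.0.5 203.0.113.10 443 tls
1696300120 10.0.0.5 203.0.113.10 443 tls
1696300180 10.0.0.5 203.0.113.10 443 tls
1696300240 10.0.0.5 203.0.113.10 443 tls
1696300013 10.0.0.5 198.51.100.7 443 tls
1696300201 10.0.0.5 198.51.100.7 443 tls
1696300302 10.0.0.5 198.51.100.7 443 tls
1696300990 10.0.0.5 198.51.100.7 443 tls
"""


def parse_log(text):
    """Parse log lines into (ts, src, dst, dport, proto) tuples.

    Malformed lines are skipped rather than aborting the whole run,
    which is what you want when feeding real exported logs.
    """
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, src, dst, dport, proto = parts
        try:
            rows.append((int(ts), src, dst, int(dport), proto))
        except ValueError:
            continue
    return rows


def find_beacons(rows, min_connections=4, max_cv=0.1):
    """Return (src, dst, dport, mean_gap_seconds) for TLS flows whose
    inter-connection gaps are nearly constant.

    Regularity is measured as the coefficient of variation (population
    stdev / mean) of the gaps; a fixed sleep gives a value near 0, while
    human-driven traffic is bursty and scores much higher. min_connections
    avoids judging a flow from one or two observations.
    """
    flows = defaultdict(list)
    for ts, src, dst, dport, proto in rows:
        if proto == "tls":
            flows[(src, dst, dport)].append(ts)

    hits = []
    for (src, dst, dport), stamps in flows.items():
        if len(stamps) < min_connections:
            continue
        stamps.sort()
        gaps = [later - earlier for earlier, later in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            hits.append((src, dst, dport, avg))
    return hits


if __name__ == "__main__":
    for src, dst, dport, gap in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"beacon-like flow: {src} -> {dst}:{dport} every ~{gap:.0f}s")
```

On the constructed log only the 60-second flow is reported; the irregular second server is ignored. Against real data, raise `min_connections` and tune `max_cv` to tolerate whatever jitter the implant adds, and treat a hit as a lead to inspect, not a verdict.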

The new BlueShell malware appeared on a Linux operating system in South Korea and Thailand.

A recent investigation claimed that the BlueShell malware has ongoing malicious activity within Linux environments. A researcher came across a customised variant of the malware on VirusTotal. More concerning, the sample had already been found on South Korean and Thai servers, which indicates that campaigns in these regions are already under way.

BlueShell is not the only malware campaign that has caused trouble recently. Systems worldwide have also dealt with other campaigns such as Evil MinIO, SkidMap, and hVNC tools for macOS.

This growing trend of malicious activity shows that every operating system remains vulnerable despite its advanced security. Organisations in South Korea and Thailand should take proactive measures to counter the increase in malware attacks.

Applying regular system updates, robust intrusion detection, and stronger server hardening could significantly help organisations limit the impact of these campaigns.

Every organisation needs to educate its users and employees to spot phishing attempts, since vigilance is critical in fending off malware infections. Everyone should be aware of these threats to avoid falling victim to such cyberattacks.
