Hammertoss: The malware that mimics real user behaviour
The malware uses noise from social networks to spy on victims
A new breed of sophisticated malware is pretending to be a real person in order to spy on its victims longer.
Researchers at FireEye discovered the particular strain of malware can hide' in network traffic such as Twitter and GitHub after it has been installed on machines, watching what users are doing for as long as it wants, going undetected by antivirus tools.
Starting by scouring Twitter streams for specific messages sent by hackers, these give it its instructions, before it explores GitHub for an image that includes code to perform the next stage of its attack.
This image instructs the malware to upload confidential files from organisations' computer systems onto a cloud-based server that the hacking group has access to, without anyone noticing at all.
FireEye believes Russian hacker group APT29 (possibly sponsored by the government) are behind the malicious program that uses advanced persistent threat (APT) campaigns to spy on people and can therefore run under the radar.
It can then "relay commands and extract data from compromised networks," when it wishes.
"We really think Hammertoss exemplifies the way [state-sponsored] actors are moving in a way that more easily evades and avoids traditional defenses," said Jordan Berry, a threat researcher at FireEye.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
However, the malware is only targeting limited numbers of, but sizeable targets so it continues to go undetected by detection software. If it were to target a higher-volume of smaller targets, it would be more likely to be discovered and a fix rolled out.
"While other APT groups try cover their tracks, very few groups show the same discipline to thwart investigators and the ability to adapt to network defenders' countermeasures," FireEye said.
Clare is the founder of Blue Cactus Digital, a digital marketing company that helps ethical and sustainability-focused businesses grow their customer base.
Prior to becoming a marketer, Clare was a journalist, working at a range of mobile device-focused outlets including Know Your Mobile before moving into freelance life.
As a freelance writer, she drew on her expertise in mobility to write features and guides for ITPro, as well as regularly writing news stories on a wide range of topics.