A new dangerous threat dubbed the Typeframe virus has been found to originate from North Korea. This was reported by the US DHS (Department of Homeland Security), whose investigation shows that it is a very potent threat.
New North Korean Weapon Revealed — The Typeframe Virus
The alleged ongoing cyberattacks that originate from North Korea (or are bounced through that country’s network servers) have showcased a new piece of malware. The US DHS reported that the new weapon is called the Typeframe virus and that it can lead to serious damage to the infected hosts. There is no information about the exact mechanism of delivery and infiltration, meaning that the criminals behind it can use any number of complex methods.
It follows a predefined behavior pattern that first checks for the presence of certain components: either other parts of the engine or other threats controlled by the hackers. If they are not present on the target computer, it is able to download them. All malicious files can be renamed to impersonate Windows modules and key components.
Like other similar threats, the Typeframe virus can also be set up as a persistent threat that starts automatically once the computer is booted. It can also access the Windows Registry and modify the strings it contains. If the malicious engine modifies entries that belong to the operating system, overall performance can suffer. In other cases the virus can be programmed to disable functionality of user-installed applications.
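The two behaviors described above, files renamed to look like Windows components and automatic start at boot, can be hunted for together by checking autorun entries for system binary names that run from outside the system directories. The following is an added defensive example, not code from the DHS report: the report as summarized here gives no file names or registry locations, so the name list, the Run-key paths and all sample entries are constructed assumptions.

```python
import ntpath

# Illustrative, non-exhaustive list of Windows binaries that normally live
# only in the system directories (assumption, not taken from the DHS report).
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "services.exe", "csrss.exe",
                   "winlogon.exe", "spoolsv.exe"}
# Assumes Windows is installed under C:\Windows.
TRUSTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

def image_path(command):
    """Extract the executable path from an autorun command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    # Unquoted: cut after the first ".exe" so paths containing spaces survive.
    idx = command.lower().find(".exe")
    return command[:idx + 4] if idx != -1 else command.split(" ")[0]

def is_masquerading(command):
    """True if a system binary name is used from a non-system directory."""
    path = image_path(command).lower()
    for var in ("%systemroot%", "%windir%"):
        path = path.replace(var, r"c:\windows")
    # normpath collapses "..\" segments that would hide the real directory.
    directory, name = ntpath.split(ntpath.normpath(path))
    return name in SYSTEM_BINARIES and directory not in TRUSTED_DIRS

def triage(autoruns):
    """Return (key, value name) for every autorun entry that looks masqueraded."""
    return [(key, value) for key, value, cmd in autoruns if is_masquerading(cmd)]

RUN = r"Software\Microsoft\Windows\CurrentVersion\Run"
# Constructed sample autorun entries: (registry key, value name, command line).
SAMPLE_AUTORUNS = [
    ("HKLM\\" + RUN, "Spooler", r"%SystemRoot%\System32\spoolsv.exe"),
    ("HKCU\\" + RUN, "Updater", r'"C:\Users\alice\AppData\Roaming\svchost.exe" -k netsvcs'),
    ("HKLM\\" + RUN, "Host", r"C:\Windows\System32\..\Temp\lsass.exe"),
    ("HKCU\\" + RUN, "OneDrive", r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background'),
]

if __name__ == "__main__":
    for key, value in triage(SAMPLE_AUTORUNS):
        print(f"suspicious autorun: {key}\\{value}")
```

A hit is a lead for investigation, not a verdict; the flagged file's signature and hash should be checked before any action is taken.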
The report states that it can be used as an intermediate payload delivery mechanism. This means that the hackers can use it to deploy other threats. The code analysis reveals that it can bypass security software such as firewalls (and possibly anti-virus programs). This leads to network exposure of the target hosts, which can lead to serious abuse of all connected resources.
One of the key functions identified in the Typeframe virus is its ability to connect to a hacker-controlled server. This allows the criminal controllers to spy on the victims in real time and take over control of their machines. One of the reasons why this is extremely dangerous is that such components can be used to harvest private data. Threats such as this one can be programmed to automatically scan for strings and information that can reveal the victim’s identity and expose their financial information. When this data is transferred to the hackers, they can use it for various crimes, including identity theft and financial abuse.
Security researchers rate this a severe threat. It is very possible that the Typeframe virus will be used in complex attacks in forthcoming campaigns.