Security researchers have identified a new and concerning malware threat: a multi-platform framework called “MATA.” This framework has been targeting victims globally since at least April 2018.
READ ALSO: 5 Top Cybersecurity Books You Must Read
Table of Contents
Kaspersky Lab’s Analysis
- Early Detection: Kaspersky Lab identified the first traces of MATA in April 2018.
- Global Reach: The malware has targeted victims across various regions, including India, South Korea, Germany, Japan, Turkey, and Poland.
- Diverse Targets: MATA attacks have spanned various industries, including e-commerce, software development, and internet service providers (ISPs).
- Multiple Motivations: The hackers behind MATA have employed the framework for various malicious purposes. Examples include:
- Stealing customer data from a company’s database.
- Deploying VHS ransomware against another victim.
- Multiple Variants: Kaspersky Lab identified three variants of MATA targeting Windows, macOS, and Linux.
READ ALSO: Cybersecurity Strategies To Protect Your Critical SaaS Data
MATA Technical Details (Windows Variant)
- The Windows version features a layered architecture with an orchestrator component.
- The orchestrator loads plugins from memory using a hardcoded string and executes them directly.
- These plugins grant attackers capabilities like file manipulation, creating an HTTP proxy server, and more.
Distribution Methods
- The Linux variant can be downloaded from a seemingly legitimate website.
- The macOS variant is disguised as trojanized two-factor authentication (2FA) software.
Lazarus Group Connection
Kaspersky Lab’s analysis suggests a link between the MATA framework and the infamous Lazarus APT group, known for various cyberattacks.
READ ALSO: Cloud Security: Why Companies Should Not Fear To Move On The Cloud?
The Takeaway
The emergence of MATA highlights the evolving tactics of cybercriminals. Businesses and individuals should remain vigilant, maintain robust cybersecurity measures, and stay updated on the latest threats.
MATA Malware: Frequently Asked Questions
What is MATA?
MATA is a multi-platform malware framework that can infect Windows, macOS, or Linux devices. It has been used to target victims globally since at least April 2018.
Who is behind MATA?
Kaspersky Lab’s analysis suggests a link between MATA and the Lazarus Group, a notorious cybercrime group responsible for various attacks.
What are the targets of MATA attacks?
MATA has targeted companies across various sectors, including e-commerce, software development, and internet service providers (ISPs).
What are the goals of MATA attacks?
The attackers have used MATA for malicious purposes, such as stealing customer data and deploying ransomware.
How can I protect myself from MATA?
- Stay informed about the latest cyber threats.
- Use reputable security software and keep it updated.
- Be cautious when downloading files from unknown sources.
- Implement strong passwords and enable two-factor authentication (2FA) when available.
- Back up your data regularly.
Note: This was initially published in May 2020 but has been updated.
RELATED POSTS
- Most Effective Cybersecurity Strategy For A Small Business [We Asked 45+ Experts]
- Oh Boy! Cycldek deploys USBCulprit malware for internet users
- EasyJet confirms that cybercriminals hijacked 9 million
- When Is Hacking Illegal And Legal?
- Valak 2.0 malware loader turns enterprise data stealer
- What You Need to Know About NIST Cybersecurity Framework
- Notorious TrickBot malware updated to evade detection
About the Author:
Amaya Paucek is a professional with an MBA and practical experience in SEO and digital marketing. She is based in Philippines and specializes in helping businesses achieve their goals using her digital marketing skills. She is a keen observer of the ever-evolving digital landscape and looks forward to making a mark in the digital space.