According to security researchers, a new multi-platform malware framework named “MATA” has emerged. It has successfully targeted victims all over the globe.
Kaspersky Lab stated that it had shared what it discovered of MATA with its Threat Intelligence Portal customers.
The security company's analysis explains that the earliest artefacts related to MATA date back to April 2018. From that time, the operator of the malware framework targeted companies in India, South Korea, Germany, Japan, Turkey, and Poland.
The targeted firms operated in many economic sectors. An eCommerce business, a software company, and an ISP (Internet Service Provider) were among the victims.
The perpetrators behind MATA showed several motives for attacking their targets in their campaigns. For example, at one company, the malicious actors used the framework to query the victim's databases with the intention of getting the list of customers. They used the framework to distribute VHD ransomware to another victim.
Kaspersky Lab discovered three variants of MATA, aimed at macOS, Linux, and Windows respectively.
The Windows version has many components, including a loader and an orchestrator element. The loader used a hardcoded hex string to invoke an encrypted payload. This gave the orchestrator the chance to load plugin files and then execute them directly from memory. With these plugins, attackers could manipulate files, set up an HTTP proxy server, and do some other tasks.
The Linux variant of this malware was available from a legitimate distribution website, and the macOS version comes as a trojanized 2FA (two-factor authentication) application.
Kaspersky Lab revealed in its analysis that the malware platform is connected to a popular threat actor – the Lazarus APT group.