Slashdot Mirror


New Remote Access Trojan Used In Cyberespionage Operations (csoonline.com)

itwbennett writes: Researchers from Arbor Networks have discovered a new remote access Trojan, dubbed Trochilus, whose detection rate was very low among antivirus products. The malware was discovered while the researchers were investigating attacks in Myanmar that were launched from compromised government websites. While the Myanmar attacks provided initial insights into the group's operations, additional research revealed that the hackers' activities extend beyond that country.

18 comments

  1. Trochilus sucks by turkeydance · · Score: 1

    they found it

  2. This is why I do everything on my iPhone by Anonymous Coward · · Score: 1, Funny

    It's ultra secure, free of malware and on top of that - it totally doesn't have a government backdoor because Apple said it didn't. I use it for all my secret stuff and am safe and happy!

    1. Re:This is why I do everything on my iPhone by Anonymous Coward · · Score: 0

      You forgot the sarcasm tag.
      (unless you believe that Apple crap, which completely defies reality)

  3. Hackers??? by jcbarlow · · Score: 3, Insightful

    Perhaps we should just retire the word "Hacker" in this context and replace it with a more accurate term like "Spy". It's pretty obvious that this is espionage.

    1. Re:Hackers??? by Anonymous Coward · · Score: 0

      Staged from a Myanmar election site, to a Myanmar launching server, yet looks like a commercial product seen in multiple places in different variants.

      It'll be Hacking Team or similar companies' work. Myanmar is really a military leadership with a token democracy under it. They want the benefits, wealth development they see with democracies but while keeping control of the populace.

      So for example, you can't move between provinces without a permit in Myanmar. They keep the population trapped in a cell the size of a province. While the soldiers can move freely, so a small army can control a much larger population by divide-conquer rule.

      So the military will have bought it.

    2. Re:Hackers??? by Anonymous Coward · · Score: 0

      Hacker and spy are not mutually exclusive.

    3. Re:Hackers??? by GrumpySteen · · Score: 1

      I think you mean "cyberspies" since this is about cyberespionage. But cyberspies can be cyberhackers, too (and they're all cyberpatriots who protect our cybershores from cyberterrorists).

    4. Re:Hackers??? by Anonymous Coward · · Score: 0

      Cyberwhores?

  4. Did I miss something? by sims+2 · · Score: 1

    It's a new Trojan, so? How did it get on the machine? Did they use a zero-day exploit? That would be news.

    IIRC a Trojan just installs something else when run; something else had to put it on the system. Typically a drive-by exploit from an ad network.

    I could make an AutoIt script that would download and install Microsoft Office while claiming to install LibreOffice. You could call that a Trojan too, right?

    --
    Minimum threshold fixed. Thanks!

    1. Re:Did I miss something? by AHuxley · · Score: 4, Insightful

      The linked "Uncovering the Seven Pointed Dagger" has some interesting information on what was of interest (Special Economic Zones (SEZs) in Myanmar) and what was discovered.
      https://asert.arbornetworks.co...
      The ability to evade detection is interesting: it likes to stay in memory and is resistant to simple malware detection. Remote uninstall, upload, download, and it could move within target networks.

      --
      Domestic spying is now "Benign Information Gathering"

  5. Cool! by sunderland56 · · Score: 1

    Wow, I know that robotic technology and haptic feedback were advancing quickly, but a remote access Trojan? Is there a public beta?

    1. Re:Cool! by Applehu+Akbar · · Score: 1

      The bad news is that the first application will be a parental lockout.

    2. Re:Cool! by Anonymous Coward · · Score: 0

      Oedipus, is that you? -PCP

      Captcha: stiffer

  6. trochilusd by Anonymous Coward · · Score: 0, Funny

    A new bit of Poettering shitcode added in systemd

  7. Trojan launched from compromised websites .. by tetraverse · · Score: 1

    Trojan launched from compromised websites and is only exploitable on Microsoft Windows.

  8. Is it too much to ask? by Anonymous Coward · · Score: 0

    Can we have what OS and what versions are vulnerable to this? It seems that lately that information is NEVER in the summary.