Who:
The malware, dubbed 'DISGOMOJI,' was discovered by cybersecurity firm Volexity.
The suspected threat actor, 'UTA0137,' is believed to be based in Pakistan.
The malware targets government agencies in India.
What:
DISGOMOJI is Linux malware that uses emojis sent via Discord for command and control (C2).
It executes commands, takes screenshots, steals files, deploys additional payloads, and searches for files on infected devices.
The malware targets a custom Linux distribution named BOSS used by Indian government agencies.
Impact:
Data Exfiltration: DISGOMOJI collects and sends system information, including IP address, username, hostname, operating system, and current working directory, back to the attackers.
Persistence: The malware maintains persistence using an @reboot cron entry and other mechanisms.
Lateral Movement: Once a device is breached, threat actors can spread laterally, steal data, and attempt to gather additional credentials.
Bypassing Detection: Using emojis for C2 communication could bypass security software that looks for text-based commands, making detection more challenging.
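The @reboot cron persistence named above is something a defender can audit directly. The following script is an added example, not code from Volexity or from the article, and it assumes nothing about DISGOMOJI's actual file paths: it parses crontab-formatted text, reports every @reboot entry, and flags those whose command points into a temporary or hidden directory. The sample crontab text is constructed for the example and contains no real indicators.

```python
"""Audit crontab text for @reboot entries (the persistence mechanism the summary
attributes to DISGOMOJI).  Added example; not Volexity's or the malware's code."""
import re
import sys
from typing import Dict, List

# Constructed sample of what `crontab -l` could print for a user.  The script
# paths are placeholders chosen for the example, not known DISGOMOJI artifacts.
SAMPLE_CRONTAB = """\
# m h dom mon dow command
0 2 * * * /usr/bin/backup.sh
@reboot /home/user/.cache/placeholder_loader.sh
@reboot sleep 30 && /tmp/.x/run
@daily /usr/local/bin/cleanup
"""

# Locations where a reboot-time command is worth a second look: world-writable
# temp directories and dot-directories under a user's home.
SUSPICIOUS_PATH = re.compile(r"^(/tmp/|/var/tmp/|/dev/shm/|/home/[^/]+/\.)")


def parse_crontab(text: str) -> List[Dict[str, object]]:
    """Return one record per job line: {line, schedule, command}.

    Handles both the five-field form ("0 2 * * * cmd") and the @-shortcut form
    ("@reboot cmd").  Comments, blank lines and environment assignments such
    as PATH=... are skipped.
    """
    entries: List[Dict[str, object]] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("@"):
            schedule, _, command = line.partition(" ")
        else:
            parts = line.split(None, 5)
            if len(parts) < 6:
                continue  # env assignment or malformed line
            schedule, command = " ".join(parts[:5]), parts[5]
        entries.append({"line": lineno, "schedule": schedule,
                        "command": command.strip()})
    return entries


def find_reboot_persistence(text: str) -> List[Dict[str, object]]:
    """List @reboot jobs and mark whether any path in the command sits in a
    temporary or hidden directory (e.g. `sleep 30 && /tmp/.x/run`)."""
    findings = []
    for entry in parse_crontab(text):
        if entry["schedule"] != "@reboot":
            continue
        paths = re.findall(r"/[^\s;&|]+", str(entry["command"]))
        flagged = any(SUSPICIOUS_PATH.match(p) for p in paths)
        findings.append({**entry, "hidden_or_temp_path": flagged})
    return findings


def report(text: str, source: str) -> None:
    for f in find_reboot_persistence(text):
        marker = "SUSPICIOUS" if f["hidden_or_temp_path"] else "review"
        print(f"{source}:{f['line']}: @reboot {f['command']}  [{marker}]")


if __name__ == "__main__":
    # With file arguments (e.g. /etc/crontab, files under /etc/cron.d, or the
    # output of `crontab -l -u <user>` saved to a file) audit those; otherwise
    # run over the constructed sample.
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            with open(path, encoding="utf-8", errors="replace") as fh:
                report(fh.read(), path)
    else:
        report(SAMPLE_CRONTAB, "sample")
```

Every @reboot entry is reported, not only the flagged ones, because legitimate administrative jobs also use @reboot; the flag narrows attention to the locations malware commonly writes to, and the analyst decides the rest. Per-user crontabs live under the spool directory (commonly /var/spool/cron/crontabs on Debian-derived systems), so an audit should cover those files as well as /etc/crontab and /etc/cron.d.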