Chinese hackers harnessed DropBox to transfer malware

Chinese intruders gang used to transfer malware in a simple manner – using DropBox and WordPress functionality.
The gang is called ‘DNSCalc’, known mainly due to its past intrusions to The New York Times servers and collection of information for months until discovered.
This time it turns out that the gang was able to install malware on computers of organizations and users by using simple cross-platform DropBox and WordPress.

As far as we know, the DNSCalc gang count 20 Chinese hackers that attack specific targets in order to steal information.
The current assault was focused on finding intelligence information on private users or organizations associated with government unions of south-east Asia (ASEAN), a nonprofit political and economic organization.
The gang used DropBox and WordPress over the last year to spread malware among users and organizations related to ASEAN, however the attackers have not exploited the security vulnerabilities of these services, but used them in the usual way in order to bypass the security mechanisms in organizations.

In practice, the team raised DropBox ZIP file that supposedly created by the union Consul, and sent messages to users and agencies that would most likely express interest in the document in question. When they received and opened the ZIP file, they encountered a file called “2013 US-ASEAN Business Council Statement of Priorities in the US-ASEAN Commercial Relationship Policy Paper.scr”, Which indeed contained a PDF document, but also included a “small surprise” in the form of malicious software that installs itself in the background.

Once the malware installed it calls the WordPress blog set up group containing the IP address and Port to the hackers server so that the malware can continue to download more files and keep track of correspondences.

While using DropBox as a distributing malware method is not considered new, it is indeed a mean that users and even organizations tend to ignore. Many organizations are adopting the use of DropBox and put it in their Whitelists without realizing that even using the software in the standard way can jeopardize the information that the organization holds.

It is likely that malware transmitted through DropBox won’t be recognized by the organization’s security system, since there are no suspicious behaviors that could raise a red flag by the security mechanisms. Thus, users may be harmed and then hurt the rest of the organization without noticing.

The recommendation is to share the information, that is, if an organization knows that it could be a target of such attacks, it is recommended to inform the employees to be aware of the various files getting onto their personal or organizational computers, and of course install security mechanisms on the computers themselves, in order to avoid penetrations as much as possible.