The malware targets the BOSS Linux distribution used by Indian agencies; however, it can infect other Linux distributions as well.
A Linux malware strain known as “DISGOMOJI” uses emojis sent over Discord to control compromised machines. The malware was discovered by cybersecurity company Volexity, which also linked it to ‘UTA0137,’ a Pakistan-based threat actor that targets Indian government entities.
“In 2024, Volexity identified a cyber-espionage campaign undertaken by a suspected Pakistan-based threat actor that Volexity currently tracks under the alias UTA0137,” the firm reported. “We assess with high confidence that UTA0137 has espionage-related objectives targeting government entities in India. Based on our analysis, UTA0137’s campaigns have been successful.”
The malware was found inside a UPX-packed ELF executable in a ZIP archive that was probably distributed through phishing emails.
Once the executable is run, it displays a decoy PDF that appears to be a beneficiary form from India's Defence Service Officer Provident Fund. In the background, it covertly downloads additional payloads, including the DISGOMOJI malware and a shell script called ‘uevent_seqnum.sh’ that is used to steal data from USB drives.
DISGOMOJI sends system information from the infected machine back to the attackers, including the IP address, username, hostname, operating system, and current working directory. The malware uses the open-source discord-c2 project for command and control over Discord channels, letting attackers issue commands as emojis and thereby circumventing security software that looks for text-based commands.
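The delivery format described above, a UPX-packed ELF executable inside a ZIP archive, is something a mail gateway or triage script can check for. The following is an added example, not code from Volexity or the original article; the function names and the constructed sample archive (with made-up member names) are assumptions for illustration.

```python
import io
import zipfile

ELF_MAGIC = b"\x7fELF"
UPX_MARKER = b"UPX!"  # magic string the stock UPX packer leaves in packed files
MAX_MEMBER_BYTES = 32 * 1024 * 1024  # cap per-member reads to limit zip-bomb impact


def scan_zip_for_packed_elf(data: bytes) -> list[dict]:
    """Return one finding per ZIP member whose content starts with the ELF magic.

    Each finding records the member name, whether the UPX marker is present,
    and whether the member was larger than the read cap (scan incomplete).
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            with archive.open(info) as member:
                body = member.read(MAX_MEMBER_BYTES)
            # Decide by content, not by file name or extension.
            if not body.startswith(ELF_MAGIC):
                continue
            findings.append({
                "name": info.filename,
                "upx_packed": UPX_MARKER in body,
                "truncated": info.file_size > MAX_MEMBER_BYTES,
            })
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample: a PDF stub, a fake UPX-marked ELF and a plain ELF stub."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr("form.pdf", b"%PDF-1.4\n% constructed stub\n")
        archive.writestr("viewer", ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 64
                         + UPX_MARKER + b"\x00" * 32)
        archive.writestr("tools/plain", ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 96)
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_zip_for_packed_elf(build_sample_zip()):
        print(finding)
```

The `UPX!` marker can be altered or stripped from a packed file, so a missing marker does not prove a binary is unpacked; any ELF arriving in an emailed archive is worth a closer look on its own.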