A cybersecurity researcher at ESET today published an analysis of a new piece of malware, a sample of which they spotted on the Virustotal malware scanning engine and believe the hacker behind it is likely interested in some high-value computers protected behind air‑gapped networks.
Dubbed ‘Ramsay,’ the malware is still under development with two more variants (v2.a and v2.b) spotted in the wild and doesn’t yet appear to be a complex attacking framework based upon the details researcher shared.
However, before reading anything further, it’s important to note that the malware itself doesn’t leverage any extraordinary or advanced technology that could let attackers jump air-gapped networks to infiltrate or exfiltrate data from the targeted computers.
According to ESET researcher Ignacio Sanmillan, Ramsay infiltrates targeted computers through malicious documents, potentially sent via a spear-phishing email or dropped using a USB drive, and then exploits an old code execution vulnerability in Microsoft Office to take hold on the system.
‘Several instances of these same malicious documents were found uploaded to public sandbox engines, labeled as testing artifacts such as…