Kaspersky discovers StoneDrill wiper malware
Security researchers from Kaspersky Lab have found a very powerful malware, one which is capable of completely wiping the contents of a disk. Announcing the finding, the security company says the malware, which it dubbed StoneDrill, was found on just two machines so far, one in the Middle East, and one in Europe.
The researchers claim StoneDrill is both similar to and "very different and more sophisticated" than another wiper malware, Shamoon 2.0. They actually stumbled upon StoneDrill while investigating Shamoon 2.0.
At this time, researchers still don't know how the malware is propagated, but they do know how it works:
"Once on the attacked machine it injects itself into the memory process of the user’s preferred browser. During this process it uses two sophisticated anti-emulation techniques aimed at fooling security solutions installed on the victim machine. The malware then starts destroying the computer’s disc files."
This is obviously more serious than your average virus. There is also a StoneDrill backdoor, apparently created by the same authors for the purpose of espionage.
"Experts discovered four command and control panels which were used by attackers to run espionage operations with the help of the StoneDrill backdoor against an unknown number of targets," the report states.
"We were very intrigued by the similarities and comparisons between these three malicious operations. Was StoneDrill another wiper deployed by the Shamoon actor? Or are StoneDrill and Shamoon two different and unconnected groups that just happened to target Saudi organizations at the same time? Or, two groups which are separate but aligned in their objectives? The latter theory is the most likely one: when it comes to artifacts we can say that while Shamoon embeds Arabic-Yemen resource language sections, StoneDrill embeds mostly Persian resource language sections. Geopolitical analysts would probably be quick to point out that both Iran and Yemen are players in the Iran-Saudi Arabia proxy conflict, and Saudi Arabia is the country where most victims of these operations were found. But of course, we do not exclude the possibility of these artifacts being false flags," says Mohamad Amin Hasbini, senior security researcher, Global Research and Analysis Team, Kaspersky Lab.
Published under license from ITProPortal.com, a Future plc Publication. All rights reserved.