Malware turns victims into unwitting streamers
Cybersecurity researchers have spotted an innovative new malware that uses a popular live-streaming app to record and broadcast the screen of its victims to the threat attackers.
Spotted by Trend Micro, the remote access trojan (RAT) named BIOPASS, piggybacks inside installers for Adobe Flash Player and Microsoft Silverlight, both of which have been deprecated by their respective developers.
In its detailed examination of the BIOPASS RAT, Trend Micro notes that the malicious Flash and Silverlight installers in fact load the “sophisticated” RAT that’s implemented as Python scripts.
“What makes BIOPASS RAT particularly interesting is that it can sniff its victim’s screen by abusing the framework of Open Broadcaster Software (OBS) Studio, a popular live streaming and video recording app, to establish live streaming to a cloud service via Real-Time Messaging Protocol (RTMP),” shares Trend Micro.
Trend Micro spotted BIOPASS in recent attacks, in what is known as a watering hole attack, against online gambling companies in China.
Although Trend Micro isn’t sure about the identity of the threat actors behind the RAT, it has found several pieces of evidence during its investigations to suggest that the malware could’ve been engineered by Chinese state-sponsored actors known as Winnti or APT41.
While state-sponsored threat actors are usually tasked to launch attacks across their borders, interestingly, Trend Micro notes that BIOPASS has several features that indicate that it is designed to target and steal the victim’s private information primarily from the web browsers and instant messengers that are popularly used in China.