Dangerous malware activates with three mouse clicks

Okrum comes from Ke3chang, a group that works for the Chinese government

A group of cybersecurity researchers discovered a series of attacks by an Asian group known as Ke3chang using a never-before-seen malware called Okrum.

According to ESET research, Okrum has a very smart method to activate and disappear. It is not yet clear how it is distributed, but the malware has a protection mechanism that detects whether it is running in a sandbox or on a research machine.

Apparently, the group operates outside the borders of China and reports its findings to the central government in Beijing. Many of these suspicions are based on previous attacks on diplomats from Europe, Central and South America. The country most attacked by the group is Slovakia.

Ke3chang attacks using Okrum are selective, with very well-identified targets. Given how narrowly targeted they are, they can be thought of as an international espionage operation. The malware activates only after the left mouse button has been pressed three times. The purpose is to confirm that it is running on a machine in real use and not in a trap.

Once installed, Okrum can obtain administrator privileges. It then collects information from the infected machine, such as the username, the host IP address and the installed operating system version.

L. Saenz

Source: Fayer Wayer 
