BLYPT: Malware Family Slips Blobs through the Backdoor
May 26, 2014
Notably, researchers have observed the malware family to largely target individuals or home users in the United States, as opposed to business or large companies. Those who have not updated their Java software are particularly at risk of attacks as BLYPT is known to exploit a particular flaw in the said software.
The BLYPT family has two variants, each of which differ in terms of what file names are used to save the malware components and to which server the stolen information will go. From what we saw, these servers as mostly located in Romania (65.8%) and Turkey (18.4%). Apart from these, the two variants share identical routines, which include downloading an installer and attempting to connect to command-and-control servers for up to 32 times.
Since BLYPT is a backdoor malware family, its attackers can just easily use the said Java exploit to slip in remote commands to get data from affected computers. Depending on the attackers’ intent, they can just easily hijack computer libraries to load their own malicious commands, send updated Internet configurations, and connect to an external site to steal computers’ IP addresses and more.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
Posted in Cyber Attacks, Targeted Attacks
- Ransomware Spotlight: TargetCompany
- Email Threat Landscape Report: Cybercriminal Tactics, Techniques That Organizations Need to Know
- Preventing an Imminent Ransomware Attack With Early Detection and Investigation
- Inside the Halls of a Cybercrime Business
- Securing Cloud-Native Environments with Zero Trust: Real-World Attack Cases