The malware has been classified as a ‘serious threat’ and can result in ‘significant data breach or heavy financial loss’
The Bangladesh government has issued an alert over a possible malware attack through fake or phishing websites on the country’s cyber network.
The e-Government Computer Incident Response Team (e-GOV CIRT) issued the alert on Wednesday, said a report on its website.
According to the alert, CIRT observed and identified ongoing development of attack variants and dedicated malware campaign by the well-known threat actor “KASABLANKA” specifically targeted to Bangladeshi infrastructure.
The report also said campaign attackers tried to allure the people interested for Covid-19 vaccination by using fake web portal (corona-bd.com/apply) such as the Bangladesh government’s official Covid-19 vaccine program associated website (corona.gov.bd)
“The specific campaign utilized the involving a type of RAT (Remote Access Trojan) known as LodaRAT, specifically a variation of familiar AutoIT malware LODA (win.loda),” the report said.
The CIRT report also noted, “Primarily it seems, threat actor’s motives behind this campaign is merely to spread their botnets within Bangladesh and possibly to tweak for espionage rather than purely from breaching accounts for financial gains.”
It also mentioned that the malware is a “serious threat” and can result in “significant data breach or heavy financial loss.”
In this ongoing malware campaign, the threat actor uses a particular variant of RAT named as LodaRAT.
“This variant has the ability to access and record the microphone and web camera of the targeted device,” the report mentioned.
Some antivirus products currently detect the malware Loda as “trojan.nymeria.”
The report also asked all to be vigilant about cybersecurity and report suspicious issues to https://www.cirt.gov.bd/incident-reporting/