New 'MiniDuke' malware targets European governments through Adobe Reader exploit

New reports from international security experts claim that European governments have faced a barrage of hacking attacks over the past week. According to Kaspersky Lab, the exploit — which has been dubbed "MiniDuke" — is designed to let infiltrators spy on governments and private institutions. The research firm says that a number of "high-profile" targets have already been compromised, including government agencies in Ukraine, Belgium, Portugal, Romania, the Czech Republic and Ireland. An unnamed US healthcare provider was also infiltrated. Unlike a recent string of malware attacks, however, MiniDuke doesn't rely on weaknesses in Oracle's Java platform to carry out its secretive assault.

Instead, it was designed to capitalize on an exploit within Adobe's Reader application. According to Kaspersky, perpetrators demonstrated "extremely effective social engineering techniques" by sending out infected PDF documents containing "highly-relevant" data to lend them a sense of credibility. Once it has been installed, the malware — without a user's knowledge — seeks out predetermined Twitter accounts for encrypted instructions. If Twitter is unavailable or an account has been deleted, the malware is also capable of searching Google for directives.

Adobe has since patched the Reader vulnerability, but Kaspersky maintains that whoever is behind the attack was still active as of February 20th. Even more worrying, founder Eugene Kaspersky hasn't seen this type of sophisticated attack in decades and believes long-dormant hackers may be returning to the trade. "The combination of experienced old school malware writers using newly discovered exploits and clever social engineering to compromise high profile targets is extremely dangerous," he says.