It also queries the C&C servers for commands to execute, the F-Secure researchers said in the blog post.īased on statistics for the YouTube videos whose descriptions are parsed by the malware, the malware's functionality and the contents of the decoy document, F-Secure researchers believe the malware is being used in targeted attacks, Sullivan said.
Janicab continuously takes screenshots and records audio and uploads the collected data to command and control (C&C) servers that it finds by parsing the description of specific YouTube videos. If users agree to open the file, the malware will install itself in a hidden folder in the user's home directory and will open a decoy PDF document containing what appears to be a news article in Russian.
0 kommentar(er)
