The LitterDrifter spy worm was originally developed to spy on Ukrainian targets, but has now appeared in other countries as well. Distribution takes place via USB.

Check Point Research has dedicated a long blog to this topic LitterDrifter, a spy worm developed by the Russian hacker collective Gamaredon. The first variants of the worm appeared in Ukraine in 2014, but have spread worldwide. LitterDrifter was recently discovered in Germany, Poland, the United States, Hong Kong, Vietnam and Chile.

The malicious code is written in the Visual Basic scripting language and is surprisingly simple, Check Point notes. But as it turns out, even simple things can be very effective. All that is required to spread the worm is a USB stick. The infected USB drives create an LSK association and make a copy of the file trash.dll in your system.

The worm then penetrates your device’s command and control systems. This type of malware particularly affects the Windows Management Instrumentation (WMI) framework. LitterDrifter collects data from there and sends it to the distributor’s servers.

espionage

A worm differs from a virus in that it does not require human intervention to install. That and the ease of spreading them make worms a popular spying tool. Malware like LitterDrifter can circulate unnoticed for years and therefore spread far beyond its original target area. The best way to combat this problem is with malware protection that not only cleans the system but also the carrier(s).

Spyware occurs everywhere in the world. In our country, too, it has already been found on the smartphones of politicians and high-ranking judges in the judiciary and police. There is currently no internationally coordinated approach to combating this type of cyber attack. The European Union is trying to change this with the recently founded Tech Lab. We will explain this initiative in this blog.