Track Common Adversary Tasks Performed Using BabyShark
To know more about it, you can go through my detailed document by clicking here
Overview
BabyShark is a Microsoft Visual Basic (VB) script-based malware family that is linked with various North Korean campaigns. It uses the same infiltration techniques as KimJongRAT and STOLEN PENCIL and spreads via spear phishing emails.
How Does It Work?
First, the malware executes the Microsoft Visual Basic script containing a malicious MS Excel file, which lets it issue commands to look for user information, system information, system name, IP address, running tasks, etc. BabyShark then encrypts the acquired information and sends it to the C&C server. It is speculated that the main goal of this malware is to gather intelligence on the national security issues of Northeast Asia.
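The collection step described above leaves a recognizable pattern in process-creation logs: several discovery commands launched under one Office or script-host process within a short time. The detection logic below is an added example, not part of the original post; the command names, the parent process list, the 5-minute window, the threshold of three categories and the CSV log format are assumptions, and the sample events are constructed.

```python
import csv, io
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: Windows built-ins matching the data the text says is collected.
RECON = {"whoami.exe": "user", "systeminfo.exe": "system", "hostname.exe": "hostname",
         "ipconfig.exe": "ip", "tasklist.exe": "tasks"}
# Assumption: Office and script-host processes able to run VB script.
ROOTS = {"excel.exe", "winword.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
WINDOW, THRESHOLD = timedelta(minutes=5), 3  # distinct categories per root process

# Constructed process-creation events: time, host, pid, parent pid, image.
SAMPLE = """\
2024-01-10T09:00:00,WS01,4120,900,C:\\Program Files\\Microsoft Office\\EXCEL.EXE
2024-01-10T09:00:05,WS01,5001,4120,C:\\Windows\\System32\\cmd.exe
2024-01-10T09:00:06,WS01,5002,5001,C:\\Windows\\System32\\whoami.exe
2024-01-10T09:00:07,WS01,5003,5001,C:\\Windows\\System32\\ipconfig.exe
2024-01-10T09:00:09,WS01,5004,5001,C:\\Windows\\System32\\tasklist.exe
2024-01-10T10:00:00,WS02,700,4,C:\\Windows\\explorer.exe
2024-01-10T10:00:03,WS02,710,700,C:\\Windows\\System32\\cmd.exe
2024-01-10T10:00:04,WS02,711,710,C:\\Windows\\System32\\ipconfig.exe
2024-01-10T10:00:05,WS02,712,710,C:\\Windows\\System32\\whoami.exe
2024-01-10T10:00:06,WS02,713,710,C:\\Windows\\System32\\tasklist.exe
"""

def detect(log_text):
    """Return [(host, root_pid, root_image, categories)] for discovery bursts."""
    rows = [(datetime.fromisoformat(t), h, pid, ppid, img.lower().rsplit("\\", 1)[-1])
            for t, h, pid, ppid, img in csv.reader(io.StringIO(log_text))]
    procs = {(h, pid): (ppid, img) for _, h, pid, ppid, img in rows}
    hits = defaultdict(list)
    for ts, host, _, ppid, img in (r for r in rows if r[4] in RECON):
        cur, hops = ppid, 0
        while (host, cur) in procs and hops < 8:  # walk up the process tree
            parent_ppid, parent_img = procs[(host, cur)]
            if parent_img in ROOTS:
                hits[(host, cur, parent_img)].append((ts, RECON[img]))
                break
            cur, hops = parent_ppid, hops + 1
    alerts = []
    for (host, root, img), events in sorted(hits.items()):
        for start, _ in events:
            cats = {c for t, c in events if timedelta(0) <= t - start <= WINDOW}
            if len(cats) >= THRESHOLD:
                alerts.append((host, root, img, sorted(cats)))
                break
    return alerts
```

On the sample, only the Excel-rooted burst on WS01 is reported; the same commands typed into a console started from explorer.exe on WS02 are not.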
Prevention
In order to secure your system against BabyShark malware you can:
- Be careful of spear phishing campaigns, which North Korea especially prefers; the emails may appear tempting, but that is how they work.
- Check the authenticity of the suspicious emails.
- Keep a powerful antivirus/anti-malware tool installed on your system at all times and regularly scan your device with it.