Get to know DuneQuixote, The Malware Used by Hackers to Steal Data

Morrissey Technology – Dangerous malware continues to evolve. According to the cyber security company, Kaspersky, a new type of malware called DuneQuixote is currently emerging which targets government entities, both in the Middle East, Asia Pacific, Europe and North America.

DuneQuixote incorporates snippets taken from Spanish poetry to increase persistence and avoid detection, with the ultimate goal of cyber espionage. With this malware, hackers are able to spy on and retrieve the target’s sensitive data.

In its official statement, Kaspersky revealed that the initial malware dropper was disguised as a corrupted installer file for a legitimate tool called Total Commander. Inside this dropper, embedded are strings from Spanish poetry, with the strings varying from sample to sample.

According to principal security researcher at Kaspersky’s GReAT (Global Research and Analysis Team), Sergey Lozhkin, this variation aims to change the signature of each sample, making detection with traditional methodologies more difficult.

Embedded within the dropper is malicious code designed to download additional payloads in the form of a backdoor called CR4T. This backdoor, developed in C/C++ and GoLang, aims to give attackers access to the victim’s machine.

Specifically, the GoLang variant uses the Telegram API for C2 FOR4D communications, implementing public Golang telegram API bindings.

“This malware variation shows the adaptability and ingenuity of the threat actors behind this campaign. “At the moment, we have found two similar implants, but we strongly suspect the presence of additional implants,” said Sergey.

Kaspersky telemetry identified victims in the Middle East as early as February 2024. Additionally, multiple uploads of the same malware to semi-public malware scanning services occurred in late 2023, with more than 30 submissions. Other suspected sources of VPN exit points are located in South Korea, Luxembourg, Japan, Canada, the Netherlands, and the United States.

To avoid becoming a victim of attacks targeted by known or unknown cybercriminals, Kaspersky researchers recommend implementing the following steps:

Give your SOC team access to the latest threat intelligence (IT). The Kaspersky Threat Intelligence Portal is a single point of access for enterprise IT, providing cyber attack data and insights collected by Kaspersky over more than 20 years.

Upskill your cybersecurity team to address the latest targeted threats with Kaspersky online training developed by GReAT experts. For timely endpoint-level detection, investigation and remediation of incidents, deploy an EDR solution like Kaspersky Endpoint Detection and Response

In addition to adopting critical endpoint protection, implement enterprise-grade security solutions that detect advanced threats at the network level at an early stage, such as Kaspersky Anti Targeted Attack Platform

Since many targeted attacks start with phishing or other social engineering techniques FOR4D, introduce security awareness training and teach practical skills to your team for example, through the Kaspersky Automated Security Awareness Platform.