A group of hackers has been able to hijack PC microphones using DLL malware injection activated from macros in a Microsoft Word document. The operation has extracted more than 600 GB of data from targets in several countries.
The attack was uncovered by the security firm CyberX, which published its discovery Wednesday, Feb. 15. CyberX nicknamed the coordinated attack “Operation BugDrop.” The nickname was given because the malware can eavesdrop on conversations besides stealing files from the infected computers and sending them to a designated server.
The malware was planted as a malicious macro in a Microsoft Word document. When the document is opened, it activates the macro, which downloads an executable file and dynamic link library (DLL) files and injects the DLL files into the Windows operating system, taking over the device in the computer.
Subsequently, the malicious program steals data from the infected computer. The program scans the files stored on the hard drives or the connected network drive. The malware searches for files by extension, including presentations, spreadsheets, documents and zipped files.
Those files are encrypted and sent to a Dropbox account. Moreover, the malware also hijacks the microphone to capture audio conversations, which are later sent to the designated Dropbox.
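Because the infection chain described above starts with a macro inside a Word document, a first triage step for defenders is to flag attachments that carry a VBA project. The following is an added example, not code from CyberX or from the original article: it inspects zip-based (OOXML) Word files for a VBA part or a macro-enabled content type, and only identifies legacy binary documents by their magic bytes. The function names and the sample documents are constructed for illustration.

```python
import io
import zipfile

# Markers of an embedded VBA project in an OOXML (zip-based) Word file.
VBA_PART_SUFFIX = "vbaproject.bin"
MACRO_CONTENT_TYPES = (
    "application/vnd.ms-word.document.macroEnabled.main+xml",
    "application/vnd.ms-word.template.macroEnabledTemplate.main+xml",
    "application/vnd.ms-office.vbaProject",
)
PLAIN_TYPE = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy binary .doc container

def triage_word_document(data: bytes) -> dict:
    """Report the container type and any macro indicators found in the file."""
    result = {"container": "unknown", "has_macros": False, "indicators": []}
    if data.startswith(OLE_MAGIC):
        # Legacy format keeps macros in OLE streams; hand off to an OLE parser.
        result["container"] = "ole"
        return result
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return result
    with archive:
        result["container"] = "ooxml"
        names = archive.namelist()
        for name in names:
            if name.lower().endswith(VBA_PART_SUFFIX):
                result["indicators"].append(f"VBA project part: {name}")
        if "[Content_Types].xml" in names:
            types_xml = archive.read("[Content_Types].xml").decode("utf-8", "replace")
            for content_type in MACRO_CONTENT_TYPES:
                if content_type in types_xml:
                    result["indicators"].append(f"content type: {content_type}")
    result["has_macros"] = bool(result["indicators"])
    return result

def build_sample(with_macro: bool) -> bytes:
    """Constructed sample: a minimal zip shaped like a Word file, not a real one."""
    main_type = MACRO_CONTENT_TYPES[0] if with_macro else PLAIN_TYPE
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml",
                   f'<Types><Override PartName="/word/document.xml" ContentType="{main_type}"/></Types>')
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()
```

A file reported as `ole` needs an OLE-aware parser before it can be cleared, since this check does not look inside legacy documents.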
This sophisticated malware attack targets a wide range of industries, as reported by Ars Technica, including infrastructure, news media, and scientific research.
Companies and organizations have been the main targets of the attack. It has been reported to target many Ukrainian infrastructures and to have obtained tons of sensitive data on infrastructure, news media, and scientific research from the country. However, similar attacks were also reported from companies and organizations in Russia, Austria and Saudi Arabia.
As of now, the amount of data stolen in Operation BugDrop has reached more than 600 GB, and the operation has infiltrated 70 organizations.