New MATA Malware Framework Can Target Windows, MacOS, and Linux


The North Korean hacking group Lazarus has been using a new multi-platform malware framework called MATA to target organizations worldwide. According to Kaspersky researchers, MATA was used to spread ransomware and steal customer databases. The framework targets Windows, Linux, and macOS operating systems. The name MATA comes from the name the authors use for their infrastructure, MataNet.

The framework has a range of features that give the attackers full control of infected systems. According to researchers from Kaspersky, who first analyzed the framework, the MATA campaign has been active since April of 2018. The campaign targeted companies around the world, including software development companies, e-commerce companies, and an internet service provider.


The MATA malware framework contains many parts, including loaders, orchestrators and plugins. This comprehensive framework is able to target Windows, Linux and macOS operating systems. Inspection of the MATA framework reveals several links to the Lazarus APT group, such as two unique filenames, c_2910.cls and k_3872.cls. These filenames have only been seen in several Manuscrypt variants. MATA uses global configuration data that includes a randomly generated session ID and date-based version information. Researchers have previously observed a Manuscrypt variant that shares a similar configuration structure with the MATA framework.
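As an added example (not from the original article or from Kaspersky's report), here is a defender-side sweep of file-creation events for the two filenames named above, handling both Windows and POSIX paths since the framework is multi-platform. The tab-separated log format, host names and paths are constructed for illustration; a filename match alone is a lead for triage.

```python
import ntpath

# Filenames the article links to Manuscrypt variants and the MATA framework.
IOC_FILENAMES = {"c_2910.cls", "k_3872.cls"}

# Constructed sample events: timestamp <TAB> host <TAB> file path.
SAMPLE_EVENTS = [
    "2020-07-01T10:02:11Z\twin-build-01\tC:\\Temp\\example\\C_2910.CLS",
    "2020-07-01T10:02:15Z\twin-build-01\tC:\\Temp\\example\\c_1252.nls",
    "2020-07-01T10:05:40Z\tlinux-web-02\t/var/tmp/example/k_3872.cls",
    "2020-07-01T10:06:02Z\tmac-dev-03\t/Users/dev/notes/k_3872.cls.txt",
    "malformed line without tabs",
]


def basename_any_os(path: str) -> str:
    """Return the lower-cased final path component of a Windows or POSIX path."""
    # ntpath splits on both '\\' and '/', so one call covers both conventions.
    return ntpath.basename(path.strip().strip('"')).lower()


def find_ioc_hits(lines):
    """Return one dict per event whose file name exactly matches an IoC name."""
    hits = []
    for line in lines:
        parts = line.rstrip("\n").split("\t")
        if len(parts) != 3:
            continue  # skip malformed records rather than guessing fields
        timestamp, host, path = parts
        name = basename_any_os(path)
        # Exact basename match, so "k_3872.cls.txt" or "c_1252.nls" do not fire.
        if name in IOC_FILENAMES:
            hits.append({"time": timestamp, "host": host,
                         "path": path, "ioc": name})
    return hits


if __name__ == "__main__":
    for hit in find_ioc_hits(SAMPLE_EVENTS):
        print(f'{hit["time"]} {hit["host"]} {hit["ioc"]} {hit["path"]}')
```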

The MATA framework was also observed by security researchers from Netlab 360, Malwarebytes, and Jamf. In December, researchers from Netlab 360 found a new Remote Access Trojan called Dacls that was used by the Lazarus APT group to target both Windows and Linux devices. In May, Malwarebytes researchers found a Mac version of Dacls being distributed by a fake two-factor authentication application for macOS called MinaOTP. MATA can also target Linux-based diskless network devices such as routers, firewalls, or IoT devices.

Lazarus Group's activity increased in 2014 and 2015, and its members used custom malware in their attacks. The group has been linked to several major cyber attacks, including the 2014 Sony Pictures hack, several SWIFT banking attacks, and the 2017 WannaCry ransomware infection. The MATA framework is dangerous because it is able to target multiple platforms.