The Cisco Talos team reported that the Tortoiseshell threat group set up a fake veteran-hiring website that claims to help US military veterans find jobs but instead infects visitors' computers with malware. In a blog post, Talos said the site, hxxp://hiremilitaryheroes[.]com, prompts users to download a bogus installer application that drops malware and spyware onto the machine.
The system information the malware collects and sends to the attacker includes hardware details, firmware version, patch level, number of processors, network configuration, domain controller, screen size and administrator name. The Cisco Talos team said: “This is a significant amount of information relating to a machine and makes the attacker well-prepared to carry out additional attacks. The attacker even gets the size of the screen by using WMI, which is potentially a trick to identify if the system is a sandbox.” Talos believes the campaign may affect many people.
The malware supports four commands:
- kill_me: It stops the service and removes the malware from the host
- Upload: Despite the name, it downloads a file from the internet onto the host
- Unzip: It uses PowerShell to unzip an archive and execute code on the system
- The fourth command executes an arbitrary command supplied by the attacker
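Two of the behaviours above leave recognisable traces in Windows telemetry: the WMI fingerprinting burst that also reads the screen size (the sandbox check Talos describes), and the Unzip command's PowerShell unzip-then-execute chain. The script below is an added example for this article, not Talos's tooling or the malware's code. It runs simple correlation over constructed records shaped like WMI-Activity and PowerShell script-block events; the specific WMI classes it watches (Win32_BIOS, Win32_VideoController and so on) are assumptions, since the article only names the fields collected, not the queries used.

```python
"""Detection logic, run over constructed log records, for two behaviours
this article describes: a burst of WMI host-fingerprinting queries that
includes a screen-size lookup, and a PowerShell unzip-then-execute chain.
Added example; not Talos's code and not the malware's."""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: WMI classes that would back the fields the article lists
# (hardware, firmware, patch level, CPUs, network, domain, admin name).
RECON_CLASSES = {
    "Win32_ComputerSystem", "Win32_BIOS", "Win32_OperatingSystem",
    "Win32_QuickFixEngineering", "Win32_Processor",
    "Win32_NetworkAdapterConfiguration", "Win32_NTDomain",
    "Win32_UserAccount",
}
# Assumption: the screen-size lookup hits one of these classes; the
# article only says the size is read "by using WMI".
SCREEN_CLASSES = {"Win32_VideoController", "Win32_DesktopMonitor"}
LAUNCH_VERBS = ("start-process", "invoke-expression", "invoke-item", "&")
WINDOW = timedelta(seconds=60)   # burst window per process
MIN_DISTINCT = 4                 # distinct fingerprinting classes needed

# Constructed records (not real telemetry): kind="wmi" mimics a
# WMI-Activity query event, kind="ps" a PowerShell script block.
SAMPLE_EVENTS = [
    {"ts": "2019-09-20T10:00:01", "pid": 4120, "kind": "wmi",
     "data": "SELECT * FROM Win32_ComputerSystem"},
    {"ts": "2019-09-20T10:00:01", "pid": 4120, "kind": "wmi",
     "data": "SELECT * FROM Win32_BIOS"},
    {"ts": "2019-09-20T10:00:02", "pid": 4120, "kind": "wmi",
     "data": "SELECT * FROM Win32_OperatingSystem"},
    {"ts": "2019-09-20T10:00:02", "pid": 4120, "kind": "wmi",
     "data": "SELECT HotFixID FROM Win32_QuickFixEngineering"},
    {"ts": "2019-09-20T10:00:03", "pid": 4120, "kind": "wmi",
     "data": "SELECT CurrentHorizontalResolution FROM Win32_VideoController"},
    # benign: a monitoring agent polling a single class
    {"ts": "2019-09-20T10:00:05", "pid": 900, "kind": "wmi",
     "data": "SELECT * FROM Win32_OperatingSystem"},
    {"ts": "2019-09-20T10:00:35", "pid": 900, "kind": "wmi",
     "data": "SELECT * FROM Win32_OperatingSystem"},
    # unzip-then-execute chain
    {"ts": "2019-09-20T10:01:10", "pid": 5120, "kind": "ps",
     "data": "Expand-Archive -Path C:\\Users\\Public\\pkg.zip -DestinationPath C:\\Users\\Public\\pkg"},
    {"ts": "2019-09-20T10:01:12", "pid": 5120, "kind": "ps",
     "data": "Start-Process C:\\Users\\Public\\pkg\\svc.exe"},
    # benign: an admin unzips logs and never launches anything
    {"ts": "2019-09-20T10:02:00", "pid": 6000, "kind": "ps",
     "data": "Expand-Archive -Path C:\\tmp\\logs.zip -DestinationPath C:\\tmp\\logs"},
]


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")


def _wmi_class(query):
    """Return the class in 'SELECT ... FROM Win32_X', or None."""
    parts = query.split()
    for i, p in enumerate(parts[:-1]):
        if p.upper() == "FROM":
            return parts[i + 1].strip(",;")
    return None


def find_wmi_recon(events):
    """PIDs that touch >= MIN_DISTINCT fingerprinting classes and a
    screen-resolution class inside one WINDOW: fingerprint plus sandbox
    check, as opposed to an agent polling one class on a timer."""
    by_pid = defaultdict(list)
    for e in events:
        cls = _wmi_class(e["data"]) if e["kind"] == "wmi" else None
        if cls:
            by_pid[e["pid"]].append((_ts(e["ts"]), cls))
    hits = []
    for pid, items in sorted(by_pid.items()):
        items.sort()
        for i, (t0, _) in enumerate(items):
            seen = {c for t, c in items[i:] if t - t0 <= WINDOW}
            if len(seen & RECON_CLASSES) >= MIN_DISTINCT and seen & SCREEN_CLASSES:
                hits.append({"pid": pid, "classes": sorted(seen)})
                break
    return hits


def find_unzip_execute(events):
    """PIDs whose script blocks Expand-Archive into a directory and then
    launch something from that same directory."""
    by_pid = defaultdict(list)
    for e in events:
        if e["kind"] == "ps":
            by_pid[e["pid"]].append(e["data"])
    hits = []
    for pid, blocks in sorted(by_pid.items()):
        dest = None
        for b in blocks:
            low, toks = b.lower(), b.split()
            if "expand-archive" in low and dest is None:
                for i, t in enumerate(toks[:-1]):
                    if t.lower() == "-destinationpath":
                        dest = toks[i + 1].strip("'\"").lower()
            elif dest and dest in low and any(v in low for v in LAUNCH_VERBS):
                hits.append({"pid": pid, "archive_dir": dest, "launch": b})
                break
    return hits


if __name__ == "__main__":
    print("WMI recon bursts:", find_wmi_recon(SAMPLE_EVENTS))
    print("Unzip-then-execute:", find_unzip_execute(SAMPLE_EVENTS))
```

The per-process window matters more than any single query: a monitoring agent reading Win32_OperatingSystem every thirty seconds never crosses the distinct-class threshold, whereas an implant that asks for firmware, patch level, CPUs and display resolution within a few seconds does. Tune MIN_DISTINCT and WINDOW against your own baseline before alerting on this.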