APT groups are increasingly attacking cloud services for command and control purposes

A recent cybersecurity report reveals that Symantec researchers have identified a new malware strain called GoGra. The malware uses the Microsoft Graph API to gain unauthorized access to the Outlook mail service, authenticating with OAuth access tokens issued to a specific user account known as FNU LNU.

GoGra's modus operandi is to read the Outlook mailbox and extract instructions from email messages whose subject line contains the keyword “Input”. The message contents are encrypted with AES-256; to decrypt them, the malware uses a key hardcoded in its own code.

According to the Symantec researchers, once the instructions are decrypted, GoGra executes them by writing the commands to the input stream of cmd.exe. The malware also supports a “cd” command that changes the current working directory on the compromised system. After a command runs, GoGra encrypts its output and sends it back to the same user by email with the subject line “Output”.
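As an added example (not code from the article or from Symantec), the following Python heuristic shows how a defender could hunt mailbox telemetry for the tasking pattern described above: an “Input” message with a body that looks like ciphertext rather than prose, answered shortly afterwards by an equally opaque “Output” message in the same mailbox. The sample records, the mailbox address, the entropy threshold and the five-minute window are all constructed assumptions.

```python
import math
from collections import defaultdict
from datetime import datetime
# Constructed sample mailbox telemetry (not real data): one record per message seen in a
# monitored mailbox, reduced to the fields the GoGra pattern turns on.
SAMPLE_MESSAGES = [
    {"mailbox": "fnu.lnu@corp.example", "subject": "Input",
     "body": "qZ7+Wm4kP2xN9vT0bR1cLs8YdF6hJ3aE5gU=", "ts": "2024-04-02T09:00:00"},
    {"mailbox": "fnu.lnu@corp.example", "subject": "Output",
     "body": "H8kL2mN4pQ6rS0tU3vW5xY7zA9bC1dE2fG4h", "ts": "2024-04-02T09:00:41"},
    {"mailbox": "alice@corp.example", "subject": "Input needed for Q2 report",
     "body": "Hi team, could you send the April numbers by Friday?", "ts": "2024-04-02T10:15:00"},
    {"mailbox": "alice@corp.example", "subject": "Output of the audit",
     "body": "Attached is the summary we discussed.", "ts": "2024-04-02T10:40:00"},
]

def shannon_entropy(s: str) -> float:
    """Bits per character; base64-encoded ciphertext sits near the top of the range."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def is_opaque_body(body: str, min_entropy: float = 4.5) -> bool:
    """Assumed heuristic: a body with no spaces and high entropy reads as a payload, not prose."""
    compact = body.strip()
    return " " not in compact and shannon_entropy(compact) >= min_entropy

def find_gogra_style_roundtrips(messages, window_s: int = 300) -> list:
    """Flag (mailbox, input_ts, output_ts) where an opaque 'Input' is answered by an opaque 'Output'."""
    by_mailbox = defaultdict(list)
    for m in messages:
        subject = m["subject"].lower()
        kind = "input" if "input" in subject else "output" if "output" in subject else None
        if kind and is_opaque_body(m["body"]):  # subject keyword alone is too noisy
            by_mailbox[m["mailbox"]].append((datetime.fromisoformat(m["ts"]), kind))
    hits = []
    for mailbox, events in by_mailbox.items():
        events.sort()
        for i, (t_in, kind) in enumerate(events):
            if kind != "input":
                continue
            for t_out, later in events[i + 1:]:
                if later == "output" and (t_out - t_in).total_seconds() <= window_s:
                    hits.append((mailbox, t_in.isoformat(), t_out.isoformat()))
                    break
    return hits
```

The legitimate “Input needed for Q2 report” thread is not flagged because its body is plain text, which is the point of pairing the subject keyword with the entropy check.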

In a related development, another advanced persistent threat (APT) malware implant known as Trojan.Grager has also been identified. This malware variant targeted organizations based in Taiwan, Hong Kong, and Vietnam in April. The distribution method involved disguising the malware as a legitimate installer for the 7-Zip archive manager.

Unlike GoGra, Trojan.Grager uses Microsoft OneDrive rather than Outlook as its command-and-control (C2) channel to the attacker's infrastructure. Once deployed on a target system, the backdoor lets the attacker download, upload, and execute files, and gather system and machine information for further malicious use.

The emergence of these sophisticated malware strains underscores the growing complexity and persistence of cyber threats faced by organizations worldwide. To mitigate the risk of such attacks, it is imperative for businesses to implement robust cybersecurity measures, including regular software updates, employee training on phishing awareness, and the deployment of advanced threat detection technologies.

As cybersecurity threats continue to evolve, proactive defense strategies and collaboration between security professionals are integral to safeguarding sensitive data and ensuring the resilience of organizational infrastructures against malicious actors. The ongoing research and analysis conducted by cybersecurity experts play a crucial role in identifying emerging threats and developing effective countermeasures to protect against cyber attacks in an ever-evolving threat landscape.
