Security experts discovered a dangerous malware that stole massive amounts of data by hijacking the microphones installed on computers and laptops.
Security firm CyberX Labs shows that initial infection occurs through Microsoft Word documents which are usually sent via email. After being opened, the Word documents infect the computers through various macro elements attached. Then the malicious sowfware hacks the microphone and gains control of PC / laptop which, once compromised, starts uploading audio files and other data to Dropbox, where they are collected by the hackers.
“Operation BugDrop appears very well organized, uses a complex malware, and is probably supported by an organization with substantial resources,” said the security analysts. They say it takes a well-developed infrastructure to store, decrypt and analyze several gigabytes of data received on a daily basis. In addition, a large team of people is needed to manually sort all stolen data and process them later.
Most of the targets appear to be located in Ukraine and there are some striking similarities between this attack and another from 2015 that left 225,000 people without electricity, although it’s not known whether both hacks were conducted by the same cyber criminals.