Some of the positive vibes taken away from President Trump's recent meeting with North Korea's Kim Jong Un may be tempered following a joint DHS-FBI report detailing a new trojan dubbed Typeframe being used by the Hermit Kingdom.
The Malware Analysis Report (MAR) stated that Typeframe is being used by the known North Korean hacking group Hidden Cobra, and federal officials are distributing the report to help reduce exposure to the malware. DHS and the FBI used 11 samples of the malware, comprising 32-bit and 64-bit Windows executable files and a malicious Microsoft Word document that contains Visual Basic for Applications (VBA) macros.
“These files have the capability to download and install malware, install proxy and Remote Access Trojans (RATs), connect to command and control (C2) servers to receive additional instructions, and modify the victim's firewall to allow incoming connections,” the MAR stated.
In addition to the detailed analysis offered in the MAR, US-CERT recommended companies follow basic best practices to remain safe, including:
- Maintain up-to-date antivirus signatures and engines.
- Keep operating system patches up-to-date.
- Disable File and Printer sharing services. If these services are required, use strong passwords or Active Directory authentication.
- Restrict users' ability (permissions) to install and run unwanted software applications. Do not add users to the local administrators group unless required.
- Enforce a strong password policy and implement regular password changes.