A new information-siphoning backdoor trojan that has so far only been used in Taiwan has been detected by Symantec researchers.
Backdoor.Dripion has been used only in a small number of targeted attacks, but based on previous iterations, Symantec suspects the custom-developed malware may be tied to an organisation called Budminer that has been involved in cyber-espionage campaigns.
The downloader was identified as Downloader.Blugger, which has been around since 2011. It retrieves Dripion for installation from a remote blog and the attackers disguise their efforts by employing domain names that appear to be anti-virus company websites for their command and control servers. Although the blog is in English, targets so far have been limited to Taiwan.
Once Dripion is installed, attackers gain access to targeted computers, which enables them to upload, download and siphon out data and execute remote commands. Version numbers are hardcoded in the malware, indicating that the attackers can create, modify and update their code, Symantec researchers said.