A newly discovered permutation of the Sykipot Trojan, which has been used for years in attacks stemming from servers in China, can be used to compromise the U.S. Defense Department's Common Access Cards, according to AlienVault Labs. The variant comes rolled into phishing attacks and uses a keylogger to "effectively hijack DOD and Windows smart cards," says AlienVault's Jaime Blasco.
The variant has appeared in dozens of attack samples over the past 12 months. The spear-phishing attacks are built to get their targets to open an Adobe PDF attachment, which takes advantage of an Adobe zero-day vulnerability to load Sykipot onto their computers, according to AlienVault's research. Using a keylogger, the Sykipot variant can then swipe PINs from cardholders signing in, and subsequently pose as the legitimate user to steal information for as long as the card remains in the smart-card reader, AlienVault says.
The malware also displays the public-key encryption certificates kept on the system, and Blasco says AlienVault has tested the malware and it is, in fact, working. "It's likely they got inside protected systems and gained access using this malware," he notes.