Windows PC spy nasty dormant for three years, mutates and resurfaces
BigBoss and SillyGoose based on MM Core backdoor
Two new variants of some Windows spyware first discovered in 2013 have surfaced in targeted attacks, security firm Forcepoint warns.
The new nasties – BigBoss and SillyGoose – are based on the three-year-old MM Core backdoor. MM Core spawned a spin-off named "StrangeLove" shortly after its discovery before mysteriously becoming dormant for years.
Carl Leonard, principal security analyst at Forcepoint, said: "We've found that although MM Core's version has incremented twice, the core backdoor remains almost the same with the exception of new file and mutex names – showing that these malicious actors have been cunningly updating the malware just enough to keep their operation under the radar."
SillyGoose has been flung against organisations in the United States and Africa. The original MM Core was limited to attacks against Middle Eastern and Central Asian countries, with a particular focus on news and media, government defence, oil and gas manufacturing, and telecommunications industries.
More details of the malware can be found in a blog post here. ®