Russian hackers use HTTP status codes as new malware command channel

Kaspersky security researchers recently discovered a new malware variant whose command-and-control traffic is built on HTTP status codes.

According to the report, the implant's command-and-control (C2) protocol reuses the standard HTTP status codes: the status the server returns to the implant's request tells it what to do next. The malware itself is a new version of the COMpfun strain.

A new malware delivery system

The COMpfun malware has been around for a number of years. Researchers now report a new variant that uses a novel control channel.

Security researchers say the new variant has been infecting hosts since November 2019 and that it specifically targets diplomatic institutions in and around Europe.

Turla, a Russian hacking group, is the main suspect behind the campaign. The group runs cyber-espionage operations against a range of operating systems.

Turla is also known for non-standard, novel attack techniques; its malware has a reputation for being innovative and stealthy.

Telecommunications organisations are among Turla's common targets. Its best-known tooling includes an email backdoor and modified Chrome and Firefox add-ons, and the group is known for sophisticated, unconventional tradecraft that evades detection.

In this campaign Turla is again drawing attention with an old, still reliable technique given a twist. The malware beacons to a command-and-control (C2) server over plain HTTP, and the server's replies carry the operator's instructions in the HTTP status code rather than in the response body.

New malware strain

Besides the updated control channel, the hackers are using a classic malware family, COMpfun, a remote access trojan (RAT). Once it infiltrates its target it can collect screenshots, system configuration details and keystrokes.

The collected data is sent to a remote server. COMpfun is relatively old: the earliest known samples date back to 2014. Kaspersky reports that the new variant has been reworked, most visibly in the way it receives its commands.

What makes the new COMpfun variant effective is its control channel. Network security tools routinely inspect HTTP headers and request and response bodies for malicious content, so a C2 that sends commands in the body is easy to write signatures for. Turla's malware sidesteps this by encoding commands in the status line of the server's reply, a field most inspection rules ignore, because a handful of unusual status codes looks like ordinary server errors rather than traffic carrying a payload.
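To make the mechanism concrete, here is an added example (not code from the page, from Kaspersky or from the malware itself) that emulates both sides of such a channel in Python: a loopback "operator" HTTP server that answers each poll with nothing but a status code and an empty body, and an "implant" client that maps the code to an action. The status-code-to-command table, the polling URL and the implant logic are assumptions for illustration and are not COMpfun's real protocol.

```python
"""Emulation of an HTTP-status-code command channel (added example).

Not code from the page, from Kaspersky or from the malware. The
code-to-command table, the polling URL and the implant logic are
assumptions for illustration, not COMpfun's real protocol.
"""
import http.server
import threading
import urllib.request
from urllib.error import HTTPError

# Hypothetical operator vocabulary: each status code is one command.
# Assumption for illustration only; the real malware's table differs.
STATUS_COMMANDS = {
    200: "idle",          # nothing queued, keep polling later
    422: "uninstall",
    423: "persist",
    424: "fingerprint",
    428: "spread_usb",
    429: "enum_network",
}


class _C2Handler(http.server.BaseHTTPRequestHandler):
    """Operator side: reply with a status code and an empty body.

    A tool inspecting headers or bodies sees nothing unusual;
    the instruction lives entirely in the status line.
    """

    queue = []  # status codes waiting to be handed out, set by start_c2()

    def do_GET(self):
        code = self.queue.pop(0) if self.queue else 200
        self.send_response(code)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):
        pass  # keep the emulation quiet


def start_c2(codes):
    """Start a loopback C2 on an ephemeral port, preloaded with status codes."""
    _C2Handler.queue = list(codes)
    server = http.server.HTTPServer(("127.0.0.1", 0), _C2Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def poll_once(url):
    """Implant side: one poll; the status code, not the body, is the payload."""
    try:
        with urllib.request.urlopen(url) as resp:
            code = resp.status
    except HTTPError as err:
        code = err.code  # urllib raises on 4xx/5xx; the code is what we want
    return STATUS_COMMANDS.get(code, "unknown")


def run_session(codes):
    """Queue codes on the C2, poll until it has nothing left, return the commands seen."""
    server = start_c2(codes)
    url = f"http://127.0.0.1:{server.server_port}/"
    seen = []
    try:
        for _ in range(len(codes) + 1):
            cmd = poll_once(url)
            seen.append(cmd)
            if cmd == "idle":
                break
    finally:
        server.shutdown()
        server.server_close()
    return seen


if __name__ == "__main__":
    print(run_session([424, 423, 429]))
```

Run it and the implant reports the three queued commands followed by "idle". Note what a proxy would log for this session: a few GET requests to one host, zero-byte responses, and odd 4xx codes in a row. That pattern, not any header or body content, is the hunting lead.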

HTTP status codes are part of the HTTP standard and are handled by every web client and server. A status code tells the client the outcome of its request, for example 200 (OK), 404 (Not Found) or 429 (Too Many Requests); it says nothing about the state of the client's Internet connection. COMpfun abuses this by assigning its own meaning to the codes its server returns.
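The practitioner's follow-up to the two paragraphs above is the hunt: if the payload is in the status line, that is what to baseline. The following added example (again not code from the page or from Kaspersky) scans a small set of constructed proxy log lines and flags client/host pairs that keep receiving rarely seen 4xx codes at regular intervals. The log format, the "rare code" set and the thresholds are assumptions to be tuned against a real baseline.

```python
"""Hunt for HTTP-status-code command channels in proxy logs (added example).

Not code from the page or from Kaspersky. The log format, the set of
'rare' status codes and the thresholds are assumptions for illustration.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# 4xx codes a normal browsing session almost never receives in bulk
# (assumption; replace with a list derived from your own baseline).
RARE_4XX = {402, 405, 406, 407, 409, 410, 411, 412, 413, 414, 415, 416, 417,
            418, 421, 422, 423, 424, 425, 426, 428, 429, 431, 451}

# Constructed sample: one host browsing a news site, one host polling a
# single endpoint every minute and getting unusual 4xx replies with no body.
SAMPLE_LOG = """\
2020-05-12T10:00:00Z 10.0.0.7 GET http://news.example.test/index.html 200 48213
2020-05-12T10:00:07Z 10.0.0.7 GET http://news.example.test/css/site.css 200 9120
2020-05-12T10:00:09Z 10.0.0.7 GET http://news.example.test/old.html 404 1523
2020-05-12T10:02:31Z 10.0.0.7 GET http://news.example.test/story/42 200 30571
2020-05-12T10:05:44Z 10.0.0.7 GET http://news.example.test/img/a.png 200 120044
2020-05-12T10:00:00Z 10.0.0.5 GET http://c2.example.test/api/check 424 0
2020-05-12T10:01:00Z 10.0.0.5 GET http://c2.example.test/api/check 423 0
2020-05-12T10:02:00Z 10.0.0.5 POST http://c2.example.test/api/check 200 0
2020-05-12T10:03:00Z 10.0.0.5 GET http://c2.example.test/api/check 429 0
2020-05-12T10:04:00Z 10.0.0.5 GET http://c2.example.test/api/check 428 0
2020-05-12T10:05:00Z 10.0.0.5 GET http://c2.example.test/api/check 422 0
""".splitlines()


def parse_line(line):
    """Parse 'ISO8601 src_ip method url status bytes' (constructed format)."""
    ts, src, _method, url, status, size = line.split()
    host = url.split("/")[2]
    when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return when, src, host, int(status), int(size)


def find_status_code_c2(lines, min_requests=5, rare_ratio=0.5, max_jitter=0.2):
    """Flag (client, host) pairs whose replies are mostly rare 4xx codes on a steady cadence."""
    groups = defaultdict(list)
    for line in lines:
        when, src, host, status, size = parse_line(line)
        groups[(src, host)].append((when, status, size))

    hits = []
    for (src, host), events in groups.items():
        if len(events) < max(min_requests, 2):
            continue
        events.sort()
        rare = sum(1 for _, s, _ in events if s in RARE_4XX) / len(events)
        empty = sum(1 for _, _, b in events if b == 0) / len(events)
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        avg = mean(gaps)
        jitter = pstdev(gaps) / avg if avg > 0 else float("inf")  # 0 = perfectly regular
        if rare >= rare_ratio and jitter <= max_jitter:
            hits.append({
                "src": src, "host": host, "requests": len(events),
                "rare_ratio": round(rare, 2), "empty_body_ratio": round(empty, 2),
                "interval_jitter": round(jitter, 2),
            })
    return hits


if __name__ == "__main__":
    for hit in find_status_code_c2(SAMPLE_LOG):
        print(hit)
```

Only the polling host is flagged; the browsing host's single 404 is a normal miss and its requests have no cadence. In production, add the response size check (zero-byte bodies behind error codes are themselves unusual) and compare each host's status-code mix against its own history rather than a fixed list.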

The evidence points to a Russian state-linked actor. Researchers agree that the motive is espionage: gathering data from the target and monitoring it remotely.

Image courtesy of welcomia/Shutterstock
