Seculert experts say the malware is still under development

Apr 18, 2013 09:12 GMT

Seculert researchers have come across an interesting piece of malware which they’ve dubbed the “magic malware.”

Unlike other persistent threats, which receive their instructions from the command and control server via the HTTP protocol, this particular malware communicates via a custom-made protocol. To make things even more interesting, each “conversation” between the malware and the server starts with a magic code.

Experts have found that the malware has been active on the targeted machines for the past 11 months. In total, thousands of entities have been infected, 78% of which are located in the United Kingdom.

Some victims have also been identified in Italy, the United States, Germany and other countries.

This piece of malware is still under development, so it’s uncertain what its ultimate goal is. On the other hand, it’s already capable of stealing information, injecting HTML code into the browser, opening backdoors and downloading additional executable files.

For the time being, Seculert believes the malware is only utilized to monitor the activities of the targeted entities. However, considering its broad capabilities, this might be only one phase of a larger attack.