The Computer Emergency Response Team of India (CERT-In) has detected malware identified as 'Bioazih', which can acquire as many as five aliases to hide its evil designs and "can execute commands remotely, upload data, download and execute files" in an unauthorised manner.
"It has been reported that a new malware having backdoor functionalities dubbed as 'Bioazih' is spreading. The malware propagates by means of spear phishing emails containing attached malicious document exploiting Microsoft Office vulnerability or the Remote Access Trojan (RAT) may infect the targeted user's system by means of malware dropper also," CERT-In said in its latest advisory to Internet users.
The CERT-In is the nodal agency to combat hacking, phishing and to fortify security-related defences of the Indian Internet domain.
The threat is critical as it belongs to the deadly 'Trojan' family and a 'spear phishing' attack is a clever activity done by an infectious malware to hit a healthy system stealthily.
The agency said the malware makes use of different techniques to maintain the anonymity of its command and control servers, or sets up virtual private networks to host its servers in order to hide their actual locations.
"Once connection is established, the malware then is capable of communicating with command and control server to execute remote commands, upload and download data, create and delete files, manipulate files and folders, terminate itself among others," the advisory said.
"The users should look for identifications like the name Bioazih and its aliases in suspect emails and links and should refrain from clicking on them.
"Also, security firewalls on personal systems, emails and other online platforms should be strong to avoid getting attacked by it," a cyber expert said.
The CERT-In has suggested some counter-measures to users in this regard, which include looking for unusual open ports and deleting system changes made by the malware, such as files created and registry entries, among others.
It added that a user should configure his or her email server to block or remove emails that contain file attachments that are commonly used to spread threats such as .vbs, .bat, .exe, .pif, .jpg, and .scr files.
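One way to apply the attachment-blocking counter-measure above at a mail gateway, shown as an added example that is not part of the CERT-In advisory or the original article: it flags attachments by their final extension, case-insensitively, so double extensions and attachments inside forwarded messages are also caught. The function names and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions exactly as listed in the article above.
BLOCKED_EXTENSIONS = {".vbs", ".bat", ".exe", ".pif", ".jpg", ".scr"}


def normalised_extension(filename: str) -> str:
    """Return the lower-cased final extension, ignoring the trailing dots and
    spaces that Windows drops when saving a file ('a.exe. ' -> '.exe')."""
    name = filename.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""


def blocked_attachments(raw_message: bytes) -> list[str]:
    """Walk every MIME part, nested ones included, and return blocked filenames."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        filename = part.get_filename()  # decodes RFC 2231 / RFC 2047 encoded names
        if filename and normalised_extension(filename) in BLOCKED_EXTENSIONS:
            hits.append(filename)
    return hits


def build_sample() -> bytes:
    """Constructed sample message: one harmless and two blocked attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Quarterly report"
    msg.set_content("See attached.")
    for name in ("report.pdf", "Invoice.PDF.ScR", "setup.exe."):
        msg.add_attachment(b"sample", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    # A gateway would quarantine or strip the message when this list is non-empty.
    print(blocked_attachments(build_sample()))
```

Matching on the filename alone does not inspect file content, so it complements the anti-malware scanning the advisory also recommends.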
"Disable auto run/auto play, do not visit untrusted websites, enable firewall at gateway or desktop level, do not download or open attachment in emails received from untrusted sources or unexpectedly received from trusted users and install and scan anti-malware engines and keep them up-to-date" are some of the other security protocols suggested by the agency to the users in this regard.