Malware With Mars Rover Code Used to Target India-Afghanistan Relations: Report

A high profile Indian diplomat, the Ambassador to Afghanistan, was recently the target of a security attack. The malware was reportedly delivered via an email that was crafted and spoofed to look like it was sent by Manohar Parrikar, Defence Minister of India.

The attack was initiated on December 24, 2015, reports security firm Palo Alto Networks, which obtained a copy of the email. The imposter congratulated the Ambassador to Afghanistan for efficiently spearheading various development projects in the country.

The email came with an attachment entitled "Appreciation_letter.doc" which in turn had exploits for a specific vulnerability - CVE-2010-3333 affecting Microsoft Word. Palo Alto Networks reports that the exploit code was designed to download and execute a file from newsumbrella[dot]net website.

The exploit would download a number of files including Cxcore210.dll and Highgui210.dll files that are based on OpenCV modules. OpenCV, for those unfamiliar, is a library of functions built for real-time computer vision applications as well as machine learning. The technology has been used on a range of things, including Mars Rover.

"During the analysis, it was noticed that Rover's detection rate is extremely low. This is surprising as the malware lacked many modern malware features, yet it is successful in bypassing traditional security systems," Palo Alto Networks said in a press statement. "The low detection rate also enables the malware to fulfil the objectives of the attacker getting the information required."

The 'Rover' malware was designed to take screenshots of the victim's computer, a "heartbeat" signal that would check every five seconds whether the C2 server was running. The toolkit would also steal document files from the hard drive, and plant a keylogger which would listen to every command typed on the system.

Additionally, the 'Rover' malware was also designed to search files on USB drives and implant a backdoor which would take photos using the system webcam, record audio, and take screenshots.

In recent times, India and Afghanistan have come closer. India helped fund Afghanistan's economic development and construction of critical infrastructure, and among other things, a new parliament complex for the Afghan government.

Gadgets 360 has reached out to Palo Alto Networks for more details. The incident goes on to prove how sophisticated attackers have grown over the years.