Thousands Of UK Users Cursed By ‘Magic Malware’

A never-seen-before strain of malware hitting UK businesses as part of an ongoing criminal campaign has been described as “magic”, but thousands are thought to be at risk of data theft, a security company has warned.

The “magic” aspect of the attack derives from the code the malicious hackers are using to communicate with the malware, which is itself custom made.

Malware conjurers threaten British business

Instead of using the HTTP protocol to talk with the command and control servers, the malicious software used an unknown protocol, always using some “magic code” at the beginning of the conversation, Israeli company Seculert said today.

It meant that quite literally too. It found the malware received an initial response to use “some_magic_code1” as an operation.

Thousands have been infected for the last 11 months and the majority of the targets are in the UK. The perpetrators are operating on mainland Europe.

“We are aware that the total number of infections is high  thousands. Both businesses and individuals. Though, because this malware targets web browsing activity (e.g. Outlook web access, SSL VPN, etc.), they are most probably targeting individuals remotely accessing their corporate network,” Aviv Raff, CTO and co-founder at Seculert, told TechWeekEurope.

“Usually, well-funded groups are using their own custom-made malware in their persistent attacks.

“Throughout the one year activity of this campaign, the servers are moving their location between France, Germany and the Netherlands.

“We have seen several industries being targeted – including finance, education and telecoms.”

Raff said the relevant law enforcement agencies had been contacted.

The malware itself can set up backdoors on users’ systems, steal information and inject HTML into the browser. Seculert, as noted in its blog post, believes the current phase of the attack is to monitor the victims, noting how many of the malware’s functions have not yet been fully implemented.

“Because this malware is also capable of downloading and executing additional malicious files, this might be only the first phase of a much broader attack,” the company wrote.

What do you know about Internet security? Find out with our quiz!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Recent Posts

Ericsson To Cut 1,200 Jobs in Sweden Amid ‘Challenging’ Market

Swedish telecoms giant Ericsson blamed “challenging mobile networks market” and “further volume contraction” for job…

21 hours ago

FTX’s Sam Bankman-Fried Sentenced To 25 Years In Prison For $8bn Fraud

Dramatic downfall. Sam Bankman-Fried sentenced to 25 years in prison for masterminding $8bn fraud that…

21 hours ago

Elon Musk Orders FSD Demo For Every Tesla US Sale

Fallout avoidance? Tesla buyers in the US must be shown how to use the FSD…

22 hours ago

Amazon Pumps Another $2.75 Billion Into Anthropic

Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…

24 hours ago

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

1 day ago