The group of Chinese hackers thought to be responsible for the cyber attack on the New York Times has added Dropbox to their toolbox.
According to PC World, the group has been using Dropbox for the past 12 months as a “mechanism for spreading malware.”
Rich Barger, chief intelligence officer for Cyber Squared, a digital security company, told PC World that while the tactic is not unique, most companies aren’t aware of it.
The hackers did not hack Dropbox. Instead, they are capitalizing on its file-sharing system to spread their malware.
[The hackers upload to] Dropbox a .ZIP file disguised as belonging to the U.S.-ASEAN Business Council. Messages were then sent to people or agencies that would be interested in the draft of a Council policy paper.
When a recipient unzipped the file, they saw another one that read, “2013 US-ASEAN Business Council Statement of Priorities in the US-ASEAN Commercial Relationship Policy Paper.scr.” Clicking on the file would launch a PDF of the document, while the malware opened a backdoor to the host computer in the background.
Once the door was open, the malware would reach out to a WordPress blog created by the attackers. The blog contained the IP address and port number of a command and control server that the malware would contact to download additional software.
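A mail or download gateway can catch this kind of lure by inspecting archive contents before delivery. The following is an added example, not code from PC World or Cyber Squared: it flags ZIP members whose extension Windows would execute, using the file name quoted above. The extension lists, the four-word title heuristic and the sample archive are assumptions constructed for illustration.

```python
import io
import os
import zipfile

# Extensions Windows runs on double-click (assumed policy list; extend as needed).
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".rtf", ".txt"}
LURE = ("2013 US-ASEAN Business Council Statement of Priorities in the "
        "US-ASEAN Commercial Relationship Policy Paper.scr")  # name quoted in the article


def flag_archive_members(zip_bytes):
    """Return (member_name, reason) for each member that would execute on Windows."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Keep only the file name; archives may use either path separator.
            name = info.filename.replace("\\", "/").rsplit("/", 1)[-1]
            stem, ext = os.path.splitext(name)
            if ext.lower() not in EXECUTABLE_EXTS:
                continue
            inner_ext = os.path.splitext(stem)[1].lower()
            if inner_ext in DOCUMENT_EXTS:
                reason = "document extension followed by executable extension"
            elif len(stem.split()) >= 4:
                reason = "document-style title with executable extension"
            else:
                reason = "executable extension"
            findings.append((name, reason))
    return findings


def build_sample_zip():
    """Constructed sample: placeholder bytes only, no real executable content."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr(LURE, b"placeholder")
        archive.writestr("docs/agenda.txt", b"placeholder")
        archive.writestr("docs/draft.pdf.scr", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in flag_archive_members(build_sample_zip()):
        print(f"BLOCK {name!r}: {reason}")
```

The check works on names only, so it complements content scanning rather than replacing it.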
[Image credit: Lifehacker]