Hacking virus 'Bladabindi' targets Windows users in India, steals personal info: Cert-In

Cyber security sleuths have alerted Indian Internet users against hacking attempts of a clandestine multi-identity virus - Bladabindi - which steals sensitive personal information of a user for nefarious purposes.   The virus, the Computer Emergency Response Team-India (CERT-In) said, could infect “Microsoft Windows operating system” and it spread through removable USB flash drives, popularly known as pendrive and data cards, including other malwares.   CERT-In is the nodal national agency to combat hacking, phishing and to fortify security-related defences of the Indian Internet domain. “It has been reported that variants of malware called Bladabindi are spreading. This malware steals sensitive user information from infected computer system. Bladabindi could also be used as malware downloader to propagate further malware and provide backdoor access to the remote attacker.   “Some of the Bladabindi variants could capture keyboard press, control computer camera and later send collected sensitive information to remote attacker. Bladabindi is infecting Microsoft Windows operating system and spreading via infecting removable USB flash drives and via other malwares,” the latest advisory by the agency said.   The threat potential of the malware or the virus can be gauged from the fact that it can acquire as many as 12 aliases to conceal its real identity and later affect a computer system or personal information of a user.   “Bladabindi variants can be created using a publicly available malicious hacker tool. Attacker can create a malicious file using any choice of icon to mislead or entice naive user into running the malicious file,” the advisory said.   The virus possesses a unique ability to acquire a safe network domain id in order to falsely add itself to the firewall exclusion list and bypass a user’s firewall mechanism.   A typical ‘Bladabindi’ variant propagates by way of copying themselves into the root folder of a removable drive and create a shortcut file with the name and folder icon of the drive. When the user clicks on the shortcut, the malware gets executed and Windows Explorer is opened and it makes it seem as if nothing malicious happened.   A potential attack by the virus could result into the loss of important proprietary data of a user like “computer name, country and serial number, Windows user name, computer’s operating system version, Chrome stored passwords, Firefox stored passwords, the agency said in the advisory.   “The malware can also use infected computer’s camera to record and steal personal information. It checks for camera drivers and installs a DLL plugin so it can record and upload the video to a remote attacker. The malware can also log or capture keystrokes to steal credentials like user names and passwords,” the CERT-In cautioned users.   The agency has also suggested some countermeasures against “Bladabindi’.   “Scan computer system with the free removal tools, disable the autorun functionality in Windows, use USB clean or vaccination software, keep up-to-date patches and fixes on the operating system and application software, deploy up-to-date anti-virus and anti-spyware signatures at desktop and gateway level,” the agency suggested.   It also recommended users should not follow unsolicited web links or attachments in email messages, do not visit un-trusted websites, use strong passwords and also enable password policies, enable firewall at desktop and gateway level, guard against social engineering attacks and limit user privileges.   PTI