The Aria-body malware is believed to have been developed by an experienced Chinese APT (Advanced Persistent Threat) group dubbed Naikon. The group has likely been active for over a decade, as it was first spotted back in 2010. The Aria-body threat is classified as a backdoor Trojan, and the APT responsible for it has updated it several times so far. According to malware researchers, Aria-body has been deployed against specific targets in the Australian government. The targeted users received spear-phishing emails that carried the corrupted payload of the Aria-body Trojan. In 2019, the Filipino Department of Science and Technology was targeted with a very similar spear-phishing campaign by the same Chinese APT.
The authors of the Aria-body malware appear to target mainly government organizations and officials. However, it is likely that there are many more victims of the Aria-body backdoor Trojan that cybersecurity analysts have not yet identified. The Aria-body threat appears to be propagated through well-crafted emails that carry corrupted attachments designed to exploit known vulnerabilities in Microsoft Office.
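The delivery vector described above (external spear-phishing emails carrying Office documents that exploit known Office vulnerabilities) is something a mail gateway can triage before the message reaches a user. The following Python script is an added example, not code from the original article or from any vendor: it parses a raw RFC 822 message, identifies attachments that are Office documents by extension or by file-header magic, and flags those arriving from outside the organization, or those whose content type does not match their claimed extension, for sandbox detonation. The internal domain, the extension list and the sample message are constructed assumptions for this example; the script relies only on the Python standard library.

```python
import os
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Attachment extensions that a spear-phishing campaign built on Office
# exploits would typically use. Assumption for this example; tune per site.
RISKY_EXTENSIONS = {".doc", ".docx", ".docm", ".dot", ".dotm",
                    ".xls", ".xlsx", ".xlsm", ".ppt", ".pptx", ".rtf"}

# The organization's own mail domain. Assumption for this example.
INTERNAL_DOMAIN = "example.gov"

# File-header magic used to recognize document content regardless of the
# claimed filename: OLE2 compound file (legacy .doc/.xls), ZIP (OOXML), RTF.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
ZIP_MAGIC = b"PK\x03\x04"
RTF_MAGIC = b"{\\rtf"


def classify_payload(data: bytes) -> str:
    """Classify attachment bytes by header magic rather than by filename."""
    if data.startswith(OLE_MAGIC):
        return "ole"
    if data.startswith(ZIP_MAGIC):
        return "zip"
    if data.lstrip().startswith(RTF_MAGIC):
        return "rtf"
    return "other"


def triage_message(raw: bytes) -> list[dict]:
    """Return one finding per attachment that should be sandboxed."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    external = not sender.endswith("@" + INTERNAL_DOMAIN)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = os.path.splitext(name.lower())[1]
        kind = classify_payload(part.get_payload(decode=True) or b"")
        reasons = []
        # Office documents from outside the organization get detonated first.
        if external and ext in RISKY_EXTENSIONS:
            reasons.append("office-document-from-external-sender")
        # Document content hiding behind a harmless-looking extension is a
        # signal on its own, whoever the sender is.
        if kind in ("ole", "rtf") and ext not in RISKY_EXTENSIONS:
            reasons.append(f"{kind}-content-with-{ext or 'no'}-extension")
        if reasons:
            findings.append({"filename": name, "sender": sender,
                             "content": kind, "reasons": reasons,
                             "action": "sandbox"})
    return findings


def build_sample_message(sender: str = "tender@attacker.invalid") -> bytes:
    """Constructed sample message for demonstration; not a real campaign email."""
    msg = EmailMessage()
    msg["From"] = f"Procurement Office <{sender}>"
    msg["To"] = "staff@example.gov"
    msg["Subject"] = "Revised tender documents"
    msg.set_content("Please review the attached documents before the deadline.")
    # A minimal OLE2 header standing in for a legacy Word document.
    msg.add_attachment(OLE_MAGIC + b"\x00" * 64, maintype="application",
                       subtype="msword", filename="tender.doc")
    # RTF content disguised with a .txt extension.
    msg.add_attachment(b"{\\rtf1\\ansi hidden}", maintype="application",
                       subtype="octet-stream", filename="notes.txt")
    # A genuinely harmless text attachment, which should not be flagged.
    msg.add_attachment(b"hello", maintype="application",
                       subtype="octet-stream", filename="readme.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in triage_message(build_sample_message()):
        print(finding)
```

With the default (external) sender, `tender.doc` is flagged because it is an Office document from outside the organization and `notes.txt` because its bytes are RTF despite the extension; `readme.txt` passes. Sending the same attachments from an internal address leaves only the disguised RTF flagged, which is the intended behaviour: a claimed-versus-actual content mismatch is suspicious regardless of origin.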
Once the Aria-body backdoor Trojan has infiltrated a targeted host, it would allow the attackers to:
- Take screenshots of the desktop and active windows of the user.
- Gather and exfiltrate data regarding the hardware and software of the infected system.
- Collect files from connected USB flash drives.
- Plant additional corrupted payloads.
- Monitor the running processes and services.
- Create, move, delete and otherwise manage files and folders.
- Search for specific file types and file names.
- Launch a keylogger that exfiltrates the collected keystrokes to the C&C (Command & Control) server of the attackers.
- Launch a reverse proxy service.
To protect your computer and your files from cybercriminals like the ones behind the Aria-body malware, make sure to obtain a reputable anti-malware application that keeps you protected against cyber-attacks.