
Elise Malware

By GoldSparrow in Malware

The Elise Malware is a hacking tool that belongs to the arsenal of the infamous Lotus Blossom APT (Advanced Persistent Threat). This hacking group is also known as DRAGONFISH and appears to originate from China. Most of the victims of the Lotus Blossom APT are government-linked organizations and various companies operating in the defense industry. The activity of the Lotus Blossom hacking group is concentrated mainly in the South-East Asian region. The Elise Malware hacking tool first emerged in 2015, but the Lotus Blossom APT has introduced various updates to it over the years.

The Lotus Blossom APT may deploy the Elise Malware as a first-stage payload. The goal of the Elise Malware is to infect the targeted system and collect basic information:

  • Hardware details.
  • Software details.
  • Network settings.
  • Files present on the desktop.

The Elise Malware also can be used as a backdoor, which would allow the attackers to plant additional, more potent threats on the compromised host.

The Lotus Blossom APT appears to use phishing emails as the infection vector that propagates the Elise Malware. The bogus emails are likely to be crafted carefully to avoid raising suspicion in the target. Often, the Lotus Blossom APT would use RTF (Rich Text Format) files as attachments to the unsafe emails. However, the attackers can opt to use a different file format that serves the same purpose. The attachment would likely be macro-laced and able to exploit known vulnerabilities in certain applications installed on the targeted host.
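Because the lure is an RTF document that may be renamed to pass as something else, a mail-gateway triage step can identify RTF by its header rather than its extension and flag embedded objects, the usual carrier of document exploits. The script below is an added example written for this article, not code from Lotus Blossom or from any vendor; the message it parses is constructed inline, and the control-word list is a heuristic, not a full RTF parser.

```python
"""Triage inbound e-mail attachments for RTF lures (constructed sample, runs offline)."""
import email
from email import policy
from email.message import EmailMessage

# RTF control words that introduce embedded OLE objects; their presence in a
# mailed document is worth a closer look (heuristic, not a complete parser).
SUSPICIOUS_CONTROLS = (b"objdata", b"objupdate", b"objemb", b"objautlink")

def is_rtf(data: bytes) -> bool:
    """RTF files start with the {\\rtf group, whatever extension they carry."""
    return data.lstrip().startswith(b"{\\rtf")

def triage_attachment(filename: str, data: bytes) -> dict:
    """Return a verdict for one attachment based on content, not file name."""
    rtf = is_rtf(data)
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    hits = [c.decode() for c in SUSPICIOUS_CONTROLS if b"\\" + c in data]
    return {
        "filename": filename,
        "is_rtf": rtf,
        "extension_mismatch": rtf and ext != "rtf",  # RTF disguised as .doc etc.
        "embedded_objects": hits,
        "suspicious": rtf and (bool(hits) or ext != "rtf"),
    }

def triage_message(raw: bytes) -> list[dict]:
    """Parse a raw RFC 5322 message and triage every attachment in order."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return [triage_attachment(p.get_filename() or "(unnamed)", p.get_payload(decode=True))
            for p in msg.iter_attachments()]

def build_sample() -> bytes:
    """Constructed phishing-style message: an RTF lure named as a .doc, plus a benign PDF."""
    msg = EmailMessage()
    msg["From"] = "hr@example.invalid"
    msg["To"] = "staff@example.invalid"
    msg["Subject"] = "Updated duty roster"
    msg.set_content("Please review the attached roster.")
    lure = b"{\\rtf1\\ansi{\\object\\objemb{\\*\\objdata 0105000002000000}}}"
    msg.add_attachment(lure, maintype="application", subtype="msword", filename="roster.doc")
    msg.add_attachment(b"%PDF-1.4 harmless", maintype="application", subtype="pdf", filename="memo.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    for verdict in triage_message(build_sample()):
        print(verdict)
```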

As is often the case with this kind of threat, it all begins with a phishing email designed to trick people. The email contains information that is applicable to the government or military target and certainly appears to be legitimate. It could include something like a military roster or something else the target expects from an official communication.

The victim sees the email and believes it to be genuine. They interact with the email and open the attachment. The attachment, like the email, appears legitimate but is a decoy that does a lot more harm than good. By opening the document, the victim unwittingly opens a backdoor on their computer. Malware is installed on the machine through the backdoor.

Infecting computers like this gives the attacker a base of operations within a network from which they can conduct further reconnaissance undetected. They can also use this connection to compromise other systems on the network, exfiltrate data from the machine, or download additional malware for different campaigns.

What Does Elise Mean For Victims?

Having malware of any kind on a computer is always a security risk. Malware can cause all sorts of trouble, especially malware designed to find and steal data like Elise. Not only does Elise have the power to steal information, but it also has the potential to spread to other machines on a network and gather data from them as well. It also has the potential to download and activate different kinds of malware.

The potential damage of Elise malware is massive. By focusing on government and military targets, the malware presents a substantial national security risk. There is no telling what kind of information is hidden on these networks, information that is now in the hands of the group behind the attack. Campaigns like this are used as part of cyberespionage by threat actors in hostile nations.

The malware also presents a significant threat to corporate targets, should it ever be employed against them. This malware is explicitly designed to steal and exfiltrate data from target machines. Information is power, and this is one malware that certainly proves that ideal.

Once the Elise Malware manages to infiltrate the system, it will execute numerous checks that serve to determine whether the threat is being run on a regular computer or a sandbox environment. If the Elise Malware determines that it is being executed on a system used for malware-debugging, it will cease its activity as a self-defense mechanism.

The Elise Malware may not be a brand-new threat, but the Lotus Blossom APT is still releasing updates for it and using it in its campaigns. Make sure your system is protected by a legitimate anti-spyware suite that would not allow the Elise Malware to take control of your PC.
