By Sumo3000 in Trojans

Mirage is a dangerous backdoor Trojan that is used to infect high-profile targets. Mirage has been used recently in industrial espionage activities, targeting government organizations, energy companies and military facilities. Once installed on an infected computer, Mirage creates a backdoor on it. This backdoor has a component that connects automatically to a remote server in order to receive additional instructions. ESG security researchers consider Mirage a high-level threat that poses a severe risk to a computer. The groups in most danger of a Mirage infection include military and business facilities that handle sensitive information, particularly in Taiwan, the Philippines and Canada. ESG malware researchers strongly urge PC users to update their security software and to be on the lookout for phishing scams distributed via malicious email messages.

Mirage is distributed through malicious email attachments that are disguised as benign PDF files. In fact, these files are engineered to exploit a known Adobe Reader vulnerability that allows criminals to execute malicious code on the infected computer. One curious aspect of Mirage is that, once installed, it can hide its communication with its Command and Control server by disguising that traffic as Google searches and using SSL. Mirage is not widespread: a little more than a hundred computers around the world are infected with it. However, these are all sensitive targets that hold valuable data, which the criminals behind the Mirage infections can sell for an impressive profit.
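A defender can hunt for the disguise described above by looking for search-shaped requests that go to hosts other than Google. The sketch below is an added example, not code from the original article or from ESG. It assumes a TLS-inspecting proxy that logs full URLs, a constructed five-field log format, a hypothetical allow-list of Google domains, and that "disguised as Google searches" means a `/search?q=...` URL shape.

```python
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Assumption: domains treated as genuine Google search hosts in this environment.
GOOGLE_SUFFIXES = ("google.com", "google.ca", "google.com.tw", "google.com.ph")

# Constructed sample lines: timestamp, client IP, method, URL, status.
SAMPLE_LOG = """\
2024-01-01T08:01:12Z 10.0.4.17 GET https://www.google.com/search?q=gas+survey&hl=en 200
2024-01-01T08:01:40Z 10.0.4.23 POST https://update.example.net/search?q=8f3a1c&hl=en 200
2024-01-01T08:02:05Z 10.0.4.23 GET https://intranet.example.org/search?term=leave 200
2024-01-01T08:03:40Z 10.0.4.23 POST https://update.example.net/search?q=b21d90&hl=en 200
2024-01-01T08:04:02Z 10.0.4.31 GET https://www.google.com.evil.example/search?q=x 200
"""

def is_google_host(host):
    """True only for an allow-listed domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in GOOGLE_SUFFIXES)

def looks_like_google_search(url):
    """Assumed shape of the disguise: a /search path carrying a q= parameter."""
    parts = urlsplit(url)
    return parts.path.lower() == "/search" and "q" in parse_qs(parts.query)

def find_lookalikes(log_text):
    """Count search-shaped requests per (client, host) sent to non-Google hosts."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines instead of guessing at fields
        _ts, client, _method, url, _status = fields
        host = urlsplit(url).hostname or ""
        if looks_like_google_search(url) and not is_google_host(host):
            hits[(client, host)] += 1
    return dict(hits)

if __name__ == "__main__":
    for (client, host), count in sorted(find_lookalikes(SAMPLE_LOG).items()):
        print(f"{client} -> {host}: {count} search-shaped request(s)")
```

Matching on the domain suffix with a leading dot is what keeps a host such as `www.google.com.evil.example` from passing as Google.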

The Mirage Targets and Possible People Behind this Infection

It seems that all of the targets are involved in a struggle to obtain rights to survey for natural gas and oil in the South China Sea. While it is not wholly apparent who is responsible for the wave of Mirage attacks, it is obvious that the people behind this malware infection are not amateurs. It seems that Mirage is well funded and has solid backing. ESG security researchers suspect that a well-known Chinese hacker group may be involved. However, it is not entirely clear what data they are after. The Mirage attacks are similar to a number of other attacks earlier this year that targeted oil companies in Vietnam, as well as other highly publicized attacks on nuclear facilities and energy companies.
