PinkStats

By LoneStar in Malware

In recent years, PC security researchers have uncovered numerous malware attacks coming out of China. Many malware analysts suspect that these attacks are state sponsored because of their sophistication and the backing they receive. At the least, they may be perpetrated by a small band of criminals with many resources that may then be selling the information to companies or government institutions in China. There are several reasons why these attacks may be state sponsored: they use highly sophisticated malware, they show that the band of criminals has significant resources, and they often target Tibet activists or similar groups that are opposed to the Chinese government in some way. PinkStats is one of these sophisticated malware attacks that originated in China. Attacks involving PinkStats have been occurring all around the world for at least the last four years.

The PinkStats Attacks and Their Possible Source

PinkStats has been responsible for numerous high-profile attacks. PinkStats is disguised as a Web analytics application, which is why it has 'stats' in its name. It has been called PinkStats because of its distinctive pink user interface. Once PinkStats has been installed on a victim's computer, it connects to a remote Command and Control server. Criminals can then use PinkStats to compromise the infected computer, spying on its contents and even controlling it from a remote location. Most of the time, PinkStats is used to install other malware on the infected computer.

PinkStats uses a fake user interface (for its Web analytics component) written in Chinese. Large portions of PinkStats' code are also in Chinese. Since China has been at the center of numerous global malware attacks in recent years, it is fair to assume that PinkStats is in some way connected to the Chinese government. This assumption also draws on the case of NetTraveler, a high-profile attack that targeted important political targets with a very high value for the Chinese government. PinkStats has been used in malware attacks going as far back as 2009, although it is possible that PinkStats was used before that in attacks that have not been detected. The most recent attack involving PinkStats was used to compromise various university computers in South Korea.
