Flagpro Malware Discovered on Japanese Company Networks

In the last days of 2021, security researchers identified a new malware family being used in attacks against Japanese companies. The likely culprit behind these attacks is the Advanced Persistent Threat (APT) group tracked under the alias BlackTech. The group specializes in espionage, and its latest implant goes by the name Flagpro.

The Flagpro Malware is delivered to victims through phishing emails that appear to be customized for each target. The criminals pretend to send the messages from trusted partners, which improves the chances that victims will interact with the message. The bogus email contains a password-protected archive that supposedly holds important content. Victims who open it instead find an XLSM document, which delivers the Flagpro Malware through the use of macro scripts.

If the macro executes successfully, the Flagpro Malware payload is dropped into the Windows Startup directory, thereby gaining persistence. The implant then connects to a remote server over HTTP and sends some basic information about the victim's machine. The criminals can then use the Flagpro Malware to execute commands remotely or to deliver additional payloads.
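As an added example that is not part of the original article, the detection logic below flags the step of that chain where an Office process writes a file into a Windows Startup folder. The log lines and their key=value field format are constructed for illustration (a simplified Sysmon FileCreate style) and are not Flagpro indicators.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample events in a simplified Sysmon Event ID 11 (FileCreate) style:
# "Image" is the process that created the file, "TargetFilename" is the new path.
# These lines are made up for this example and are not real Flagpro IoCs.
SAMPLE_EVENTS = [
    r"Image=C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE|TargetFilename=C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe",
    r"Image=C:\Windows\explorer.exe|TargetFilename=C:\Users\alice\Downloads\report.xlsm",
    r"Image=C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE|TargetFilename=C:\Users\alice\AppData\Local\Temp\~WRD0001.tmp",
    r"Image=C:\Windows\System32\msiexec.exe|TargetFilename=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\vendor-agent.lnk",
]

# Office binaries that should never be the writer of a Startup-folder entry.
OFFICE_IMAGES = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}

# Matches the tail of both the per-user and the all-users Startup folder paths,
# case-insensitively, so "Startup" and "StartUp" are both covered.
STARTUP_RE = re.compile(r"\\start menu\\programs\\startup\\[^\\]+$", re.IGNORECASE)


def parse_event(line):
    """Split one 'key=value|key=value' line into a dict (constructed format)."""
    return dict(field.split("=", 1) for field in line.split("|"))


def is_startup_drop_by_office(event):
    """True when an Office process creates a file inside a Startup folder."""
    image = PureWindowsPath(event.get("Image", "")).name.lower()
    target = event.get("TargetFilename", "")
    return image in OFFICE_IMAGES and STARTUP_RE.search(target) is not None


def find_suspicious_drops(lines):
    """Return the target paths of events matching the macro-to-Startup pattern."""
    hits = []
    for line in lines:
        event = parse_event(line)
        if is_startup_drop_by_office(event):
            hits.append(event["TargetFilename"])
    return hits


if __name__ == "__main__":
    for path in find_suspicious_drops(SAMPLE_EVENTS):
        print("ALERT: Office process wrote to a Startup folder:", path)
```

The installer event in the sample is deliberately left unflagged: writing to Startup is normal for msiexec.exe, so the rule keys on the Office parent rather than on the folder alone.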

The first variants of the Flagpro Malware date back to June 2020, and the criminals appear to have released several updates since then. One of the latest variants can automatically close the Windows dialogs that the implant's activity could spawn and that would otherwise reveal its presence. Allegedly, it can detect the specific dialog names in Japanese, Taiwanese, Chinese, and English, which likely means that the Flagpro Malware is about to target other countries as well. The best way to protect networks and systems against BlackTech attacks is to invest in enhanced security measures and to ensure that all employees are familiar with the primary malware propagation mechanisms cybercriminals use. A previous BlackTech implant family is the Gh0stTimes Malware.

December 29, 2021