Fake Minesweeper game used for cyberattacks

In recent cyberattacks on European and US financial organizations, hackers have been using a clever tactic to hide malicious scripts within a Python clone of Microsoft’s Minesweeper game.

Ukraine’s CSIRT-NBU and CERT-UA attributed the attacks to a threat actor tracked as ‘UAC-0188’. The attacks use legitimate code from the Minesweeper game to disguise Python scripts that download and install the SuperOps RMM software. SuperOps RMM is legitimate remote monitoring and management software; once installed on a compromised system, it gives the remote actors direct access to it.

Following the discovery of this attack, CERT-UA’s research has uncovered at least five potential breaches in financial and insurance institutions across Europe and the United States, underscoring the serious threat these tactics pose.

The attack begins with an email from a spoofed address claiming to be from a medical center, with the subject “Personal Web Archive of Medical Documents.” The email prompts the recipient to download a 33MB .SCR file from a Dropbox link. The file contains innocuous Minesweeper code along with malicious Python code that downloads additional scripts from a remote source (“anotepad.com”).

By including the Minesweeper code in the executable, the attackers aim to disguise the 28MB base64-encoded string that carries the malicious code, so that the file appears harmless to security software. The attackers have also repurposed a function within the Minesweeper code to decode and execute the hidden payload.

The base64 string is decoded to assemble a ZIP file containing an MSI installer for the SuperOps RMM software; the archive is extracted using a static password and the installer is then executed. This elaborate scheme built around the popular Minesweeper game demonstrates the lengths attackers will go to in order to hide their activity and gain access to sensitive systems.
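The core of the disguise described above is an oversized base64 string literal sitting inside otherwise benign game code. A simple triage check that a defender can run over a suspicious Python script is to parse it, pull out every large base64-looking string constant, decode it, and look at the leading bytes for archive or installer signatures. The following scanner is an added example, not code from the article or from CERT-UA; the 1024-character threshold, the file-signature table and the sample script (a tiny game stub wrapping a constructed ZIP that holds a placeholder `installer.msi`) are all assumptions made for illustration.

```python
import ast
import base64
import binascii
import io
import re
import zipfile

# Well-known file signatures worth flagging at the start of a decoded blob.
# (Standard magic bytes; the article itself names ZIP and MSI as the payload.)
MAGIC = {
    b"PK\x03\x04": "zip",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole-compound (MSI/Office)",
    b"MZ": "pe-executable",
}

# Base64 alphabet plus whitespace (long literals are often line-wrapped).
_B64_RE = re.compile(r"^[A-Za-z0-9+/=\s]+$")


def _classify(blob: bytes) -> str:
    """Name the decoded blob by its leading bytes, or 'unknown'."""
    for magic, name in MAGIC.items():
        if blob.startswith(magic):
            return name
    return "unknown"


def scan_source(source: str, min_len: int = 1024) -> list:
    """Find large base64-looking string constants in Python source.

    Returns one dict per finding: {"line", "length", "kind"}. The threshold
    min_len is an assumed default; a real triage run would tune it.
    """
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Constant) and isinstance(node.value, str)):
            continue
        text = node.value
        if len(text) < min_len or not _B64_RE.match(text):
            continue
        try:
            blob = base64.b64decode(text)
        except (ValueError, binascii.Error):
            continue  # looked like base64 but did not decode; skip
        findings.append(
            {"line": node.lineno, "length": len(text), "kind": _classify(blob)}
        )
    return findings


def build_sample_script() -> str:
    """Constructed sample resembling the reported technique: innocuous game
    code plus one oversized base64 literal that decodes to a ZIP archive.
    The archive member is a placeholder, not a real MSI."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("installer.msi", b"x" * 1500)
    payload = base64.b64encode(buf.getvalue()).decode()
    return (
        "import random\n"
        "BOARD = [[0] * 9 for _ in range(9)]\n"
        "def place_mines(n):\n"
        "    for _ in range(n):\n"
        "        BOARD[random.randrange(9)][random.randrange(9)] = 1\n"
        f"DATA = '{payload}'\n"
    )


if __name__ == "__main__":
    for f in scan_source(build_sample_script()):
        print(f"line {f['line']}: {f['length']}-char base64 literal -> {f['kind']}")
```

The check is deliberately structural rather than signature-based: it does not care what the game code does, only that a string constant far larger than any legitimate resource decodes to an archive or installer. A long docstring or ordinary text will not match the base64 alphabet and is ignored, so the scanner stays quiet on normal scripts.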

Financial organizations and institutions are advised to be vigilant against such attacks and to implement robust security measures to protect against sophisticated cyber threats like these.