Cyber-criminals are typically quick out of the blocks to take advantage of interest in major news stories and the Charlie Hebdo massacre is no different.
Security researchers at Blue Coat have uncovered a piece of malware which is being distributed using the #JeSuisCharlie slogan to trick victims into downloading the DarkComet malware. The slogan became a huge trending topic on Twitter and elsewhere in the wake of the 7 January attack on the Charlie Hebdo magazine in Paris, and has been tweeted over 5 million times to date.
The cyber-criminals' playbook typically sees them try to trick people into clicking on malicious links or downloading disguised malware by pretending the content is related to whatever major news story is trending at the time.
The DarkComet malware being spread in this instance is known as a remote administration tool (RAT), a piece of software which, if installed on your system, gives criminals remote access to it.
DarkComet is a freely available piece of malware created by French hacker Jean-Pierre Lesueur (also known as DarkcoderSc), but he stopped development of the tool in 2012 when he discovered it was being used by the Syrian government to spy on anti-government web users.
However, it remains a popular tool among cyber-criminals for its ease of use and rich feature set, which includes key-logging, modifying your registry, logging what hardware and software you are using, executing various scripts on your system, stealing stored passwords, locking your computer, and even controlling your printer.
Blue Coat said it discovered the Je Suis Charlie slogan in files sent to it by customers, but has yet to discern how it is being distributed. However, it is safe to assume that some form of social engineering is being used to trick users, typically through phishing emails or via fake links on social media sites such as Facebook.
Blue Coat said the criminals behind the attacks have tried their best to obfuscate the malware to make it less noticeable to anti-virus scanners. And it seems to be working, as Blue Coat says just two of 53 scanners on the VirusTotal online scanner service picked up that this was DarkComet.
There is no indication of how many people may have been infected as a result of the #JeSuisCharlie malware attack.