"DEEPDATA is a modular post-exploitation tool for the Windows operating system that is used to gather a wide range of information from target devices," security researchers Callum Roxan, Charlie Gardner, and Paul Rascagneres said Friday.
"Since their initial development of the LightSpy spyware implant in 2022, the attacker has been persistently and methodically working on the strategic targeting of communication platforms, with the emphasis on stealth and persistent access," the BlackBerry threat research team noted.
"This plugin was found to exploit a zero-day vulnerability in the Fortinet VPN client on Windows that allows it to extract the credentials for the user from memory of the client's process," the researchers said.
"The malware first came to light earlier this week, when BlackBerry detailed the Windows-based surveillance framework as used by the China-linked APT41 threat actor to harvest data from WhatsApp, Telegram, Signal, WeChat, LINE, QQ, Skype, Microsoft Outlook, DingDing, Feishu, KeePass, as well as application passwords, web browser information, Wi-Fi hotspots, and installed software."
Collection
[
|
...
]