Fast Facts
- A new version of the LOTUSLITE malware is delivered through malicious Compiled HTML (CHM) files with an India banking lure; the CHM carries a legitimate executable that side-loads a malicious DLL (dnx.onecore.dll), so the payload runs under a trusted process name.
- The malware talks to a command-and-control server on a dynamic DNS domain (editor.gleeze[.]com) over HTTPS and offers a remote shell, file management and session control, a capability set that points to espionage rather than financial theft.
- The threat group, previously seen against US government entities, has widened its targeting to South Korean diplomatic circles and India's banking sector, with lures ranging from fake banking pop-ups to impersonation of a Korean diplomat.
Threat, Attack Techniques, and Targets
Researchers have identified a new version of the LOTUSLITE malware in an espionage campaign that uses an India banking theme as its lure. The infection chain starts with a Compiled HTML (CHM) file. CHM files are rendered by the Windows HTML Help viewer (hh.exe), and the HTML they embed can run script, which is what makes the format useful for delivery. This CHM carries three components: a legitimate executable, a malicious DLL named dnx.onecore.dll that the executable side-loads, and an HTML page that shows a pop-up. When the user clicks "Yes" on the pop-up, the page silently loads and executes JavaScript from a remote server, and that script then extracts and runs the malware components packed inside the CHM file.
Once running, the malware communicates with editor.gleeze[.]com over HTTPS. It supports remote shell access, file management and session control; nothing in that feature set is aimed at stealing money, which marks the operation as espionage rather than financial crime. Indian banks are the main target. Alongside them, the campaign targets South Korean policymakers and diplomatic circles, where the lure is an impersonated Korean diplomat writing from fake Gmail accounts and sending Google Drive links. Past activity ties the threat to Mustang Panda, a Chinese state-linked group that used similar malware against U.S. government and policy entities.
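The chain above leaves three observable traces: a child process of hh.exe, a DLL such as dnx.onecore.dll loaded from a user-writable directory next to the executable that loads it, and DNS resolution of the dynamic DNS C2 host. The script below is an added example, not code from the report or its authors, that runs those three checks over constructed Sysmon-style events. The event field names (EventType, ParentImage, Image, ImageLoaded, QueryName), the list of trusted directories and the list of dynamic DNS zones are assumptions to tune for your own telemetry; only the C2 domain and the DLL name come from the report.

```python
"""Hunt for the LOTUSLITE delivery chain in endpoint and DNS telemetry.

Added example with constructed sample events. Indicators from the report:
the C2 host editor.gleeze[.]com and the side-loaded DLL dnx.onecore.dll.
"""
from collections import namedtuple

Finding = namedtuple("Finding", "rule host detail")

C2_DOMAINS = {"editor.gleeze.com"}          # from the report, refanged
SIDELOADED_DLLS = {"dnx.onecore.dll"}       # from the report
# Assumption: free dynamic-DNS zones worth flagging in proxy/DNS logs.
# gleeze.com is the zone under which the reported C2 host sits.
DDNS_ZONES = {"gleeze.com", "ddns.net", "duckdns.org", "hopto.org"}
# Assumption: directories from which a DLL load is not suspicious by itself.
TRUSTED_DIRS = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)


def refang(ioc):
    """Turn a defanged indicator such as editor.gleeze[.]com into a hostname."""
    return ioc.replace("[.]", ".").replace("hxxp", "http").lower()


def registered_domain(host):
    """Last two labels of a hostname; enough for the zones listed above."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def basename(path):
    return path.lower().replace("/", "\\").rsplit("\\", 1)[-1]


def dirname(path):
    return path.lower().replace("/", "\\").rsplit("\\", 1)[0] + "\\"


def check_process(ev):
    """A child of hh.exe means the help file launched a program: this is
    how the executable packed inside the CHM gets started."""
    if basename(ev.get("ParentImage", "")) == "hh.exe":
        return Finding("hh.exe spawned child", ev["Host"], ev["Image"])
    return None


def check_image_load(ev):
    """Flag the named DLL anywhere, plus the generic side-loading pattern:
    a DLL loaded from an untrusted directory that also holds the loading
    process (executable and DLL dropped side by side)."""
    image = ev.get("ImageLoaded", "")
    if basename(image) in SIDELOADED_DLLS:
        return Finding("known side-loaded DLL", ev["Host"], image)
    dll_dir = dirname(image)
    if not dll_dir.startswith(TRUSTED_DIRS) and dll_dir == dirname(ev.get("Image", "")):
        return Finding("side-load candidate", ev["Host"], image)
    return None


def check_dns(ev):
    """Exact C2 match first, then anything under a dynamic DNS zone."""
    q = ev.get("QueryName", "").lower().rstrip(".")
    if q in C2_DOMAINS:
        return Finding("known C2 domain", ev["Host"], q)
    if registered_domain(q) in DDNS_ZONES:
        return Finding("dynamic DNS zone", ev["Host"], q)
    return None


CHECKS = {"ProcessCreate": check_process, "ImageLoad": check_image_load, "DnsQuery": check_dns}


def triage(events):
    """Run the matching check for each event and collect the findings in order."""
    findings = []
    for ev in events:
        check = CHECKS.get(ev.get("EventType"))
        finding = check(ev) if check else None
        if finding:
            findings.append(finding)
    return findings


# Constructed sample telemetry: one benign and one suspicious event per rule.
SAMPLE_EVENTS = [
    {"EventType": "ProcessCreate", "Host": "wks-17", "ParentImage": r"C:\Windows\hh.exe",
     "Image": r"C:\Users\a\AppData\Local\Temp\update.exe"},
    {"EventType": "ProcessCreate", "Host": "wks-17", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\notepad.exe"},
    {"EventType": "ImageLoad", "Host": "wks-17", "Image": r"C:\Users\a\AppData\Local\Temp\update.exe",
     "ImageLoaded": r"C:\Users\a\AppData\Local\Temp\dnx.onecore.dll"},
    {"EventType": "ImageLoad", "Host": "wks-17", "Image": r"C:\Users\a\AppData\Local\Temp\update.exe",
     "ImageLoaded": r"C:\Users\a\AppData\Local\Temp\helper.dll"},
    {"EventType": "ImageLoad", "Host": "wks-17", "Image": r"C:\Windows\System32\notepad.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
    {"EventType": "DnsQuery", "Host": "wks-17", "QueryName": "editor.gleeze.com"},
    {"EventType": "DnsQuery", "Host": "wks-22", "QueryName": "files.duckdns.org"},
    {"EventType": "DnsQuery", "Host": "wks-22", "QueryName": "www.microsoft.com"},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"{f.host}: {f.rule}: {f.detail}")
```

The dynamic DNS rule is deliberately noisy; it is a hunting pivot, not a blocking rule. The side-load candidate rule will also fire on legitimately installed software that ships its own DLLs outside Program Files, so pair it with the signer of the loading executable before escalating.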
Impact, Security Implications, and Remediation Guidance
A successful infection gives the attackers interactive control of the host, the ability to read and move files, and a foothold from which to watch the victim's activity. Because the targets are banks and government bodies, the data at risk is sensitive by definition. The activity shows a sustained effort to collect intelligence on financial and geopolitical targets, and its reliance on a user clicking through a pop-up or opening a shared document makes social engineering the weak link to defend.
Organizations should seek specific remediation advice from their security providers or relevant authorities. Beyond that, the report's own details point to concrete controls: block or quarantine CHM attachments at the email gateway, since the format has little legitimate use in mail; alert on child processes of hh.exe and on DLLs loaded from user-writable directories alongside the executable that loads them, which is the side-loading pattern this campaign relies on; block or at least log the named C2 host and queries to dynamic DNS zones; and brief staff on the impersonation lures (fake banking pop-ups, a supposed diplomat writing from Gmail with Google Drive links). Keeping systems patched and security tooling current remains the baseline.
ThreatIntel-V1
