A new malware has been discovered by researchers that has been active and unnoticed for almost a year.
The attack, currently being referred to as ‘mystery malware’ has been targeting UK businesses across a variety of sectors for the last 11 months. The name mystery malware comes from the protocol it uses to authenticate; the attack always begins with ‘some_magic_code1’ after establishing an HTTP connection to a command and control server. The protocol used to authenticate is a custom code and is thus a mystery to researchers.
Once the malware has made connection to the command and control server it can request further instruction on how to remotely log into the infected computer or device.
The mystery malware has been targeting business computers in the UK undetected for just under a year.