Cyber-attackers use G20 Summit to target advocates for Tibet

Next story
San Diego, CA

G20 Summits are notorious in the IT security industry for frequently being the target of cyber-criminals. The 2014 G20 Summit, being held this weekend in Brisbane, Australia, is proving to be no exception. This was confirmed by the detection of a sample of the Gh0st Remote Access Trojan (RAT), detected as Win32/Farfli, in an email targeting advocates of the Tibetan cause. ESET has analyzed the Trojan in blog post on

Victims receive an email with subject ‘Join us at rally for Tibet during the G20 Summit’ containing an infected document. “The malicious actor is trying to lure the recipient into opening an infected attachment by using a rally that is being organized by the Australian Tibet Council. In fact, the email text was copied directly from the group’s website,” reads the blog post.

This malware uses CVE-2014-0158 vulnerability of Microsoft Word and if it is successful, it will install the Gh0st RAT malware on the computer. Once the Gh0st RAT connects to its Command and Control Center, it allows the operator to remotely control the compromised computer.

More about this example of Gh0st RAT is available at

About ESET
Since 1987, ESET® has been developing record award-winning security software that now helps over 100 million users to Enjoy Safer Technology. Its broad security product portfolio covers all popular platforms and provides businesses and consumers around the world with the perfect balance of performance and proactive protection. The company has a global sales network covering 180 countries, and regional offices in Bratislava, San Diego, Singapore and Buenos Aires. For more information visit or follow us on LinkedInFacebook, and Twitter.