ESET, a global leader in IT security for more than two decades, presents Operation Potao Express, an extensive analysis of the cyberespionage group behind the Win32/Potao malware family. An ESET white paper with the same name offers technical details and describes spreading mechanisms and the most noteworthy attack campaigns since this malware’s first appearance in 2011 through to the present day.
Win32/Potao is an example of espionage malware. It has been detected mostly in Ukraine and a number of other CIS countries, including Russia, Georgia and Belarus. The Potao family is a typical cyberespionage trojan that steals passwords and sensitive information in order to offer them to the attackers’ remote server.
Similar to BlackEnergy, Potao was use to spy on the Ukrainian government, military entities and a major Ukrainian news agency. It was also used to spy on members of MMM, a financial pyramid scheme popular in Russia and Ukraine. Besides the variety of attack campaigns, there is one other interesting fact about Win32/Potao.
“Our investigation of Potao uncovered a very interesting connection to a Russian version of the now-discontinued popular open-source encryption software, TrueCrypt,” says Robert Lipovsky, Senior Malware Researcher at ESET.
Investigating further, ESET researchers discovered another connection between trojanized TrueCrypt and the truecryptrussia.ru website, which not only delivered infected encryption software in some specific cases but also acted as a command and control (C&C) server for the backdoor.
Read more about Operation Potao Express: Analysis of a cyber-espionage toolkit on WeLiveSecurity.com.
About ESET
Since 1987, ESET® has been developing award-winning security software that now helps over 100 million users to Enjoy Safer Technology. Its broad security product portfolio covers all popular platforms and provides businesses and consumers around the world with the perfect balance of performance and proactive protection. The company has a global sales network covering 180 countries, and regional offices in Bratislava, San Diego, Singapore and Buenos Aires. For more information visit www.eset.com or follow us on LinkedIn, Facebook and Twitter.