Tokyo Olympics could be a great opportunity for cybercriminals and malware authors, the US FBI warned private US companies of cyberattacks that might attempt to disrupt the 2021 Tokyo Olympics.
Researchers from the Japanese security firm Mitsui Bussan Secure Directions (MBSD) discovered an Olympics-themed malware that implements wiping capabilities. The malicious code was specifically designed to target Japanese PCs and was detected ahead of the opening ceremony of the 2021 Tokyo Olympics.
The malicious code was designed to wipe certain file types (DOTM, DOTX, PDF, CSV, XLS, XLSX, XLSM, PPT, PPTX, PPTM, JTDC, JTTC, JTD, JTT, TXT, EXE, LOG) in the user’s personal Windows folder.
The malware only targets data under the Users folder, likely because it was designed to infect users who do not have administrator privileges. The malware targets files created with the Ichitaro Japanese word processor implements evasion and anti-analysis capabilities to prevent the malicious code from being analyzed.
The wiper uses the cURL app to access content on the XVideos adult video portal while deleting files on the infected systems. Experts believe that this feature was implemented to trick experts into believing that the infection took place while accessing adult sites.
The actual attack vector seems to be a malicious executable disguised as PDF file, the malicious code was found in a Windows EXE file that was disguised as a PDF file named: [Urgent] Damage report regarding the occurrence of cyber attacks, etc. associated with the Tokyo Olympics.exe.”
The malware is also able to delete itself and evidence of its presence from infected computers.