Wiper Malware Is Targeting Japanese PCs Days Before Tokyo Olympics Opening

Wiper Malware Is Targeting Japanese PCs Days Before Tokyo Olympics Opening

Security firm Mitsui Bussan Secure Directions (MBSD) reported a malware sample that appears to be targeted at Japanese users and aims to wipe files on infected systems.

The discovery of the wiper takes place two days before the opening ceremony of the 2021 Tokyo Olympics.

The wiper doesn’t just wipe out all of a computer’s sensitive data, but searches for certain file types located in a user’s personal Windows folder at “C:/Users/<username>/.” Microsoft Office files are usually deleted by the malware, researchers noted, and also TXT, LOG, and CSV files which often contain logs, databases, passwords and other system data. The wiper also targets files that are created with the Japanese word processor called Ichitaro. That’s why it’s believed that it was specifically created to target devices in Japan.

Targeted extensions are DOTM, DOTX, PDF, CSV, XLS, XLSX, XLSM, PPT, PPTX, PPTM, JTDC, JTTC, JTD, JTT, TXT, EXE, and LOG.

Other features of the wiper include its anti-VM detection techniques and its ability to wipe itself.

A peculiar feature is that the Wiper also accesses the XVideos adult video portal by the help of cURL app. The MBSD team believes that this behavior was added to trick forensic investigators into thinking that the user got infected and their files got wiped while surfing porn sites.

The MBSD team said that the file that caused the issue was a Windows EXE that was configured to display as a PDF file. The file was named [Urgent] Damage report regarding the occurrence of cyber attacks, etc. associated with the Tokyo Olympics.exe.

“Since this malware is disguised using a PDF icon and only targets data under the Users folder, it is believed that the malware is intended to infect users who do not have administrator privileges,” MBSD researchers Takashi Yoshikawa and Kei Sugawara wrote yesterday.

Only two copies of this particular malware was discovered, and the first one was uploaded to VirusTotal on July 20.

The discovery of the wiper came a day after the FBI warned about the possibility of cyberattacks during the Tokyo Olympics.

During the last two Olympic Games, there were cyberattacks carried out by Russia’s military hackers.

When Russia was accused of running a massive state-sponsored doping program and Russian athletes were banned to compete during the 2016 Summer Olympics under the Russian flag, the state-backed hacker group known as APT28 leaked files related to the World Anti-Doping Agency’s investigation in an act of revenge. After the ban on Russian hackers was extended for the 2018 Winter Olympics, they deployed the Olympic Destroyer Wiper during the opening ceremony in an attempt to disrupt the ceremony.

About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.