A new trojan named "Delilah" actively seeks to recruit insiders at target organisations in order to steal sensitive corporate information.
Avivah Litan, a vice president and distinguished analyst at Gartner, explains that Delilah does whatever it needs to do to sway individuals to join its ranks:
"… [T]he bot is delivered to victims via downloads from multiple popular adult and gaming sites. Once installed the hidden bot gathers enough personal information from the victim so that the individual can later be manipulated or extorted. This includes information on the victim’s family and workplace. The bot comes with a social engineering plug in that connects to webcam operations so that the victim can be filmed without his or her knowledge."
Originally discovered by the threat intelligence firm Diskin Advanced Technologies (DAT), Delilah requires additional human involvement from its operators to identify, research, and engage potential recruits.
After the trojan successfully infects and enlists a willing insider, the individual receives instructions from Delilah that are concealed by VPN services, Tor, and browser history deletion.
Delilah then takes a high volume of screenshots based on the insider's browsing, a feature which, according to Litan, still suffers from a few bugs:
"Reportedly, the Trojan is still buggy and sometimes yields error messages when the webcam function is invoked. Infected devices are also subject to constant monitor freezing – sometimes for over ten seconds – because of the high volume of real time screen shots. Threat actors want these bugs resolved."
Delilah is currently circulating among closed hacker groups and is not yet commercially available on the black market.
One way to protect against a Delilah infection is to educate employees about the risk of visiting adult and gaming websites using corporate systems. Organisations should develop security policies that expressly prohibit this type of behaviour, and they should use an eLearning product such as one of Metacompliance's solutions to cultivate staff awareness on an ongoing basis.