Security experts from TrapX reported that some IoT devices running Windows 7 have been infected with a piece of malware. Is it a supply chain attack?
The experts reported that several IoT devices at some major manufacturers have been infected with a
“The malware sample intercepted and analyzed by TrapX® is part of the Lemon_Duck sample family running on a double-click action or through p
According to the experts, the attacks could be part of the same malware campaign; the infections were observed at over 50 sites of the manufacturers in the Middle East, North America, and Latin America.
Attackers employed a downloader that runs malicious scripts associated with a
“Once again, the entry point was a device running Windows 7. The campaign caused confusion on the production line possibly damaging products AGVs assemble. The malware spread quickly enough to be extremely disruptive.” continues the report. “
The malware infected embedded systems running Windows 7, but the popular Microsoft OS reached the end of life in January.
This incident is worrisome because there are hundreds of millions of systems worldwide that run on top of
The report includes a description of the attacks detected by the experts. For example, several automatic guided vehicles (AGVs) that were running Windows 7 were found infected at one manufacturing site.
In another case presented by TrapX, the malware was found on a DesignJet SD Pro multifunction printer that had been used to print technical engineering drawings containing sensitive data related to the target’s production process. In this case, the device was used by attackers as the entry p
TrapX experts speculate that the cases were the result of a supply chain attack, meaning that the malware was installed on the devices before they were deployed at the manufacturers’ sites.
Additional details, including Indicators of Compromise (IoCs) are reported in the analysis p
(SecurityAffairs – Windows 7, hacking)