SECURITY RESEARCH OUTFIT Alienvault has revealed that Chinese cyber criminals are using malware to hack smart cards used by the US Department of Defence (DoD).
The latest strain of the backdoor access Trojan called Sykipot is being used to gain remote access to protected resources. A spear phishing technique is used to persuade the target to open a PDF file that lets the malware loose. It then uses a basic keylogger to steal the credentials of cards used in the reader.
Jaime Blasco, lab manager at Alienvault, said, "This is the first report of Sykipot being used to compromise smart cards, and this latest version of the malware has been designed specifically to take advantage of smart card readers running Activclient - the client application of Actividentity, whose smart cards are standardised at the DoD and a number of other US government agencies."

He reports that this strain of Sykipot dates back to March of last year and has been used in dozens of attacks since then. According to the research, the attacks originate from China. Other attacks involving the Sykipot Trojan have been around since 2006.
"When a card is inserted into the reader, the malware acts as the authenticated user and can access sensitive information. The malware is then controlled by the attackers and then told what - and when - to steal the appropriate data," added Blasco.
The fact that the card needs to be present is a drawback for the attacker as it gives them a limited amount of access time. However, smart cards are a particularly difficult application in which to distinguish between authorised and non-legitimate usage.
This is a case where hackers are hijacking a security system that is used by many US government agencies in addition to the DoD.