Hackers Use Python Minesweeper Code to Attack US and European Institutions

TapTechNews, May 28: Do you still play Minesweeper? The Computer Security Incident Response Team (CSIRT-NBU) and the Ukrainian Computer Emergency Response Team (CERT-UA) traced and investigated a cyberattack in which hackers used the code of a Python version of Minesweeper to attack financial and insurance institutions in the United States and Europe.


The two security agencies said the malicious game was created by the hacker group UAC-0188 (FromRussiaWithLove), whose leader is a Russian hacker.

The hackers use the Minesweeper code to hide their malicious Python code. Once a user is infected, they install the SuperOpsRMM tool, which gives them control of the device.

According to the announcement, the hackers pose as a medical center and send e-mails from support@patient-docs-mail.com with the subject "Personal Web Profile of Medical Documents". TapTechNews attaches the relevant pictures as follows:

[Image: picture attached by TapTechNews]

The e-mail contains a Dropbox link that points to a 33 MB .SCR file. The file contains code from a Python clone of the Minesweeper game, together with malicious code that downloads additional malware from anotepad.com.

The Python Minesweeper code carries the malicious code inside it: the create_license_ver function decodes and executes the malicious software. Keeping the payload encoded until run time helps hide it from security systems.
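A static check for the pattern described above, a function that both decodes data and executes the result, as an added example (not code from CERT-UA, CSIRT-NBU or the malware itself). The decoder and sink name lists and the sample module are assumptions constructed for illustration; only the function name create_license_ver comes from the article.

```python
import ast

# Assumption: decoder and dynamic-execution call names worth flagging together.
DECODERS = {"b64decode", "b32decode", "b16decode", "a85decode",
            "unhexlify", "fromhex", "decompress"}
EXEC_SINKS = {"exec", "eval", "compile"}


def _call_name(node):
    """Return the trailing name of a call target: base64.b64decode -> 'b64decode'."""
    func = node.func
    if isinstance(func, ast.Attribute):
        return func.attr
    if isinstance(func, ast.Name):
        return func.id
    return None


def find_decode_and_exec(source):
    """Return [(function, line, decoders, sinks)] for every function that
    both decodes data and dynamically executes code. Source is parsed only."""
    findings = []
    for fn in ast.walk(ast.parse(source)):
        if not isinstance(fn, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        names = {_call_name(n) for n in ast.walk(fn) if isinstance(n, ast.Call)}
        decoders, sinks = names & DECODERS, names & EXEC_SINKS
        if decoders and sinks:
            findings.append((fn.name, fn.lineno, sorted(decoders), sorted(sinks)))
    return findings


# Constructed sample: a harmless stand-in for a trojanized game module.
# The encoded string is just "pass"; it is parsed here, never executed.
SAMPLE = '''
import base64

def draw_board(rows, cols):
    return [["."] * cols for _ in range(rows)]

def create_license_ver():
    blob = "cGFzcw=="
    exec(base64.b64decode(blob).decode())
'''

if __name__ == "__main__":
    for name, line, decoders, sinks in find_decode_and_exec(SAMPLE):
        print(f"{name} (line {line}): decodes via {decoders}, executes via {sinks}")
```

A hit is a triage lead rather than a verdict: legitimate code occasionally decodes and evaluates data too, so review the flagged function and the size and origin of the encoded string.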
