New Sykipot variant targets Pentagon smart cards

Pentagon (Gleason)

A new variant in the long-standing Sykipot malware family appears to have a new trick up its sleeve. According to AlienVault, instead of just launching spear-phishing email messages, the new Sykipot variant now appears to be targeting credentials of the PC/SC x509 smart cards used by the U.S. Department of Defense and a wide range of corporations and enterprises, including defense contractors.

The Sykipot malware family has been around since at least 2007, and has been used to launch spear-phishing attacks primarily against targets in the United States, particularly in the defense sector. AlienVault claims the attacks originate with command-and-control servers in China.

The new Sykipot variant uses a spear-phishing attack to try to convince targets to open a PDF attachment. That attachment employs a zero-day vulnerability in Adobe’s Acrobat Reader to install the Sykipot malware on the machine. Once installed, Sykipot runs a keylogger to obtain PIN numbers for use with DOD and Windows smart cards. When the smartcard is inserted into a reader, the malware then impersonates an authorized user and enters the PIN in an effort to obtain access to secured information.

According to AlienVault researcher Jamie Blasco, the new Sykipot variant seems to have been created in March 2011, and has turned up in several attack samples since. AlienVault can’t say the malware has successfully obtained DOD or Windows smart card credentials, but said the attack does work.

Sykipot isn’t the first malware to target smart cards and other two-factor authentication schemes, but it is intriguing that the new variation seems to explicitly target smart card systems widely used by the U.S. Department of Defense and the defense industry. The exploit also only operates when the smart card is physically present in the compromised machine, meaning it may be quite difficult for administrators and network security protocols to distinguish between Sykipot access and legitimate uses by the smart card owner.


Playing ‘Battlefield V’ on an $800 Nvidia card is stunning. And disappointing

‘Battlefield V’ is the first game to use Nvidia’s ray tracing support, now available with the RTX 2080 and 2080 Ti graphics cards. The feature can, in an ideal scenario, make the game look better, but the performance hit may not be…

Problems with installing or updating Windows 10? Here's how to fix them

Upgrading to the newest version of Windows 10 is usually a breeze, but sometimes you run into issues. Never fear though, our guide will help you isolate the issue at hand and solve it in a timely manner.

Lost your router? Here's how to find its IP address to help track it down

Changing the login information for your router isn't always easy, that's why so many have that little card on the back. But in order to use it, you need to know where to go. Here's how to find the IP address of your router.

The Motiv smart ring is coming to 20 more countries and physical stores

Remember Motiv's activity tracking smart ring? It's back with a raft of new features that adds biometric identification and token authentication, all on a device that fits on your finger.
Emerging Tech

China says it has developed a quantum radar that can see stealth aircraft

Chinese defense giant China Electronics Technology Group Corporation claims that it has developed a quantum radar that's able to detect even the stealthiest of stealth aircraft. Here's how it works.
Smart Home

All the best Amazon Black Friday deals for 2018

Amazon may be an online-only retailer, but that doesn’t mean its Black Friday sales are anything to sniff at. In fact, due to its online status, Amazon has huge flexibility with the range of products and deals it can offer. Here's our…

HP takes $100 off of leather-clad Spectre Folio 13 bundle for Black Friday

HP is offering a discount to Black Friday shoppers for a bundle that includes its leather-wrapped answer to Apple's MacBook Air. HP is offering a $100 discount on the Spectre Folio 13 when bundled with a mouse and leather sleeve.

Save a heap with these Black Friday 2018 graphics card deals

The Black Friday 2018 sales period is finally here and it's brought with it a tonne of great component deals. We've been scouring websites and catalogs for days to find you the best graphics cards deals for Black Friday 2018.

The best Target Black Friday deals for 2018

The mega-retailer opens its doors to the most competitive shoppers at 6 p.m. on Thursday, November 22, and signs indicate that the retailer means business this year. We've sifted through all of the deals, from consumer electronics to small…

Still miss Windows 7? Here's how to make Windows 10 look more like it

There's no simple way of switching on a Windows 7 mode in Windows 10. Instead, you can install third-party software, manually tweak settings, and edit the registry. We provide instructions for using these tweaks and tools.

Cyber Monday 2018: When it takes place and where to find the best deals

Cyber Monday is still a ways off, but it's never too early to start planning ahead. With so many different deals to choose from during one of the biggest shopping holidays of the year, going in with a little know-how makes all the…

Ditch the passwords and buy Xbox games with just your face

Passwords are the past. The latest version of Windows 10 allows you to sign in with your Microsoft account on the web through Microsoft Edge using Windows Hello or a FIDO 2 Yubikey. 

Canceling Amazon Prime is easy, and you might get a refund

Don't be intimidated. Learning how to cancel Amazon Prime is easier than you might think. You might even get a partial or full refund on the cost, depending on how much you've used it. Check out our quick-hit guide for doing so.

Editing a PDF is easy when you have the right tools in hand

Editing PDF files can be a real pain, but there are a few tricks to make the process a bit easier. This guide will give you three easy methods for how to edit a PDF, two of which work without needing Adobe Acrobat.