Alert: Thai Officials Under Attack – New ‘Yokai’ Malware Exploits Windows Security Flaw


Thai Officials Targeted by New Yokai Backdoor Campaign

A sophisticated cyber campaign targeting Thai government officials has been discovered, utilizing DLL side-loading techniques to deploy a new backdoor malware named Yokai. The attack begins with a RAR archive containing Thai-language Windows shortcuts disguised as U.S. Department of Justice documents.

The malicious files reference Woravit Mektrakarn, a Thai national wanted in the U.S. for a 2003 murder case. When activated, the shortcuts display decoy documents while secretly installing malicious software. The attack chain involves multiple stages:

1. Initial deployment through suspected spear-phishing
2. Installation of a legitimate iTop Data Recovery application
3. DLL side-loading abusing that legitimate application
4. Deployment of the Yokai backdoor

The Yokai backdoor establishes persistence and connects to command-and-control servers, enabling remote command execution on infected systems.

In related cybersecurity developments:
– Zscaler ThreatLabz identified a separate campaign using NodeLoader malware to distribute cryptocurrency miners and information stealers
– A rise in phishing attacks delivering Remcos RAT through VBS scripts and Office Open XML documents has been observed
– Attackers are increasingly using sophisticated evasion techniques, including memory-only execution and legitimate process injection

The campaigns demonstrate evolving cyber threats targeting government officials and utilizing advanced deployment methods to avoid detection by security solutions.
