MENU

ACG-CYBER SECURITY BULLETIN NO 120 UNDERSTANDING FALLCHILL MALWARE

The following information was obtained from the different cyber security sources for notification to all parties concerned pursuant to the mandate of the Philippine National Police Anti-Cybercrime Group (PNP ACG).

The information provided was classified as Restricted pursuant to the PNP Regulation 200-012 on Document Security and Impact Rating as high based on PNP Information Communication Technology (ICT) Security Manual s.2010-01 p. 22 and p.129.

SUMMARY

FALLCHILL malware is the primary component of a C2 infrastructure that uses multiple proxies to obfuscate network traffic between HIDDEN COBRA actors and a victim’s system. According to trusted third-party reporting, communication flows from the victim’s system to HIDDEN COBRA actors using a series of proxies.

FALLCHILL has been deployed by Hidden Cobra since 2016 to target the aerospace, telecommunications and finance industries. It allows Hidden Cobra to issue commands to a victim’s server by dual proxies, which means it can potentially perform actions like retrieving information about all installed disks, accessing files, modifying file or directory timestamps and deleting evidence that it’s been on the infected server.

The malware typically infects a system as a file dropped or as a file unknowingly downloaded from a compromised site. It collects basic information such as Operating System (OS) version information and system name and it allows for remote operations including searching, reading, writing, moving, and executing files.

RECOMMENDATION

            PNP personnel and the public are advised to follow the best practices listed for securing and protecting information whether for personal use or work:

  • In order to prevent potential infections in the future, it is essential to stay away from Volgmer Malware’s possible sources;
  • Users should deny any user Account Control (UAC) request unless they are making modifications to their own system. Likewise, users must be cautious in visiting web pages with malicious code, this would disallow the attacker to compromise through the infected system;
  • It is best to install security software with warning signals for the detection of malicious software and install a powerful, high-quality anti-malware tool on your computer; and
  • Reputed anti-virus software will also help you to a great extent protect your system from other cyber threats as well.

For additional information, please refer to the following websites:

 

POINT OF CONTACT

            Please contact PCINSP ANGELICA STARLIGHT L. RIVERA, Chief, Personnel Records Management Section thru email address This email address is being protected from spambots. You need JavaScript enabled to view it. or contact us on telephone number (632) 7230401 local 3562 for any inquiries related to this CYBER SECURITY BULLETIN.