Two Brazilian government websites were compromised and have been serving a number of malware variants to visitors since late last week, researchers said.
Masquerading as “Adobe” and Flash Player updates and upgrades, the malicious executables usually drop another executable and a Java file posing as a .GIF file, said researchers from Trend Micro.
While the first lowers the system’s security settings, the second downloads and executes additional files. Among them is a .JAR file that creates a new administrator account through which multiple concurrent remote desktop sessions are enabled on the affected computer, giving remote attackers complete control over it.
The ultimate goal of this attack remains unknown.
The researchers haven’t mentioned which particular government sites were compromised, but this could be a watering hole campaign aimed at compromising computers belonging to government workers, or it could be a simple information-stealing campaign aimed at random users.
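A Java file carrying a .GIF name, as described above, can be caught by comparing the file's leading bytes with what its extension claims. The following is an added example, not code from Trend Micro or from the malware; the file names and sample bytes are constructed for illustration.

```python
import io
import zipfile

GIF_MAGIC = (b"GIF87a", b"GIF89a")

def classify_gif_named(data: bytes) -> str:
    """Return what a file carrying a .gif name really contains."""
    if data[:6] in GIF_MAGIC:
        return "gif"
    if data[:4] == b"\xca\xfe\xba\xbe":      # compiled Java class
        return "java-class"
    if data[:2] == b"MZ":                    # Windows PE executable
        return "pe-executable"
    if data[:4] == b"PK\x03\x04":            # ZIP container; a JAR is a ZIP
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            return "zip-corrupt"
        if any(n == "META-INF/MANIFEST.MF" or n.endswith(".class") for n in names):
            return "java-archive"
        return "zip"
    return "unknown"

def flag_disguised(files: dict) -> dict:
    """Map each .gif-named entry whose content is not a GIF to its real type."""
    flagged = {}
    for name, data in files.items():
        if name.lower().endswith(".gif"):
            kind = classify_gif_named(data)
            if kind != "gif":
                flagged[name] = kind
    return flagged

def _constructed_jar() -> bytes:
    """Build a harmless two-entry JAR in memory (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        zf.writestr("Main.class", b"\xca\xfe\xba\xbe")
    return buf.getvalue()

# Constructed samples: name -> content, standing in for files found on disk.
SAMPLES = {
    "banner.gif": b"GIF89a" + b"\x01\x00\x01\x00\x00\x00\x00;",
    "update.gif": _constructed_jar(),
    "logo.gif": b"\xca\xfe\xba\xbe\x00\x00\x00\x34",
    "notes.txt": b"plain text",
}

if __name__ == "__main__":
    for name, kind in flag_disguised(SAMPLES).items():
        print(f"{name}: content is {kind}, not GIF")
```
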