Last year, the UK's National Cyber Security Centre (NCSC) found a variant of the SparrowDoor espionage malware on an unnamed UK network. An analysis of the variant was published today; among other things, the variant can now steal data from the clipboard. In addition, indicators of compromise and Yara rules have been made available that allow organizations to detect the malware within their networks.
The first version of SparrowDoor was discovered by the antivirus company ESET and is said to have been used against hotels worldwide, as well as governments. The attackers exploited vulnerabilities in Microsoft Exchange, Microsoft SharePoint and Oracle Opera to break into organizations. The affected organizations were in Canada, Israel, France, Saudi Arabia, Taiwan, Thailand and the United Kingdom, among others. ESET did not specify exactly what the attackers were after.
The British NCSC says it found SparrowDoor on a British network last year. This version can steal data from the clipboard and checks against a hardcoded list whether certain antivirus software is running. The variant can also impersonate the token of a user account when setting up network connections. This "downgrade" may be done to avoid standing out, which the malware might do if it set up network connections under the SYSTEM account, for example.
Another new feature is the hijacking of various Windows API functions. It is not clear when the malware uses "API hooking" and "token impersonation", but according to the British NCSC, the attackers make operational security decisions. Further details about the attacked network or who is behind the malware were not given.