Preface: Hot topic in the city this week perhaps is uncover the secret of surveillance power.

My focus: Perhaps quite a lot of reader are interested of the program code of the surveillance program ( sigs.py ). As far as we know, similar of surveillance program infection technique will be relied on email attachment (especially MS word document).

This underground cyber attack method was exposed by Kaspersky on November 5, 2019, and named Dark Universe, literally translating the Dark Universe.
Since this kind of surveillance program sometimes focus on evadsion technique. And therefore the earlier phase of infection do not insists to use the Malicious code . From technical point of view, when you open the word document you can do a health check by yourself on unknown word document.

MS Word document validation method (DIY) – Remove an embedded file or object

1.Open MS word document
2.Select the chart area and press Ctrl+C.
3.Select the location where you want to paste a picture of the chart, press Ctrl+Alt+V, and pick a Picture format.
4.Select the original embedded chart and press Delete.

— End —