A hacker is responding to the New Zealand mosque shooting by booby-trapping the attacker's manifesto with malware.

The note has been circulating on the web, even though New Zealand authorities have been pushing internet platforms to take it down. However, at least one copy of the document has been secretly rigged to reconfigure Windows PCs.

Security firm Blue Hexagon uncovered the weaponized document while scanning the internet for malicious files. "Caution is advised for anyone attempting to seek and download the content for review," researcher Irfan Asrar wrote in a blog post.

"In what can be described as a vigilante attempt to thwart the viral distribution, several links are now also distributing a trojanized version of the manifesto," he added.

The file is packaged to look like a harmless Microsoft Word document. However, it has been weaponized with an embedded script that attempts to download a portable executable file to the victim's PC.

Fortunately, the hacker behind the scheme did not rig the file with anything destructive. The portable executable file's goal is to reconfigure the system's Master Boot Record to display a message on reboot that says "This is not us!" on a black screen.

The hacker's intention was probably to protest the original manifesto. The booby-trapped document resembles the source material. However, the document's metadata has been changed to list a new author under the name "Maori," after the indigenous people of New Zealand.

"Our initial suspicion was that this was targeting the press, but with all the data that we have now, it looks like it was not one specific group, just anyone who was trying to get a copy of the manifesto," Asrar told PCMag.

The platforms that were hosting the booby-trapped file have removed the links to it in a bid to take down all content related to the original manifesto, he added. So the impact was likely small.

So far, Blue Hexagon has only discovered one booby-trapped document, which some antivirus software will detect as a Trojan. But the security firm is investigating other reports of manifesto files and related videos that may have been rigged as well. Asrar warns that the same tactic could be used to spring destructive malware on people's computers.
