Rover

Malware updated 10 months ago (2024-11-29T13:56:37.715Z)

Download STIX

Preview STIX

Rover is a malicious software (malware) that has the potential to exploit and damage computer systems or devices. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, Rover can steal personal information, disrupt operations, or even hold data hostage for ransom. Recently, experts discovered flaws in this malware that affected vehicles of popular brands, including Kia, Honda, Infiniti, Nissan, Acura, Mercedes-Benz, Genesis, BMW, Rolls Royce, Ferrari, Ford, Porsche, Toyota, Jaguar, and Land Rover. The term "rover" also refers to various types of vehicles, notably those used in space exploration. For instance, the Mars Rover program at the Jet Propulsion Lab was responsible for creating the algorithm behind NeuralEye's AI. In recent news, NASA released images showing the deteriorating state of China's Mars Rover. Additionally, a rover built by Carnegie Mellon University was included as part of the cargo on a recent space mission, alongside other items such as a physical Bitcoin and the cremated remains and DNA of notable individuals. In automotive terms, the name "Rover" is commonly associated with the Range Rover brand. Notably, Prince Harry was seen leaving the Rolls Building in central London in a black Range Rover, garnering support from bystanders. However, the brand has also been linked to criminal activities, with a string of thefts involving Range Rover models occurring across multiple counties in southeast England over a 12-month period. Despite these issues, major carmakers, including Toyota, Jaguar Land Rover, and Nissan, have reportedly lobbied the UK Government to weaken or delay the ban on internal combustion engines (ICE).

Description last updated: 2024-09-27T00:15:38.609Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Sidewinder is a possible alias for Rover. Sidewinder, a threat actor with a history of malicious activities dating back to 2012, has been linked to a series of sophisticated cyber threats targeting maritime facilities in multiple countries and government officials in Nepal. The group, believed to have South Asian origins, is known for its u	3
Confucius is a possible alias for Rover. Confucius is a threat actor primarily known for conducting cyberespionage campaigns against Pakistan since 2013. This group has been linked to various malicious activities, including the use of novel Android spyware Hornbill and SunBird to scrape call logs and WhatsApp messages of government authori	3

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Backdoor

Bitcoin

Fraud

Malware

Police

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

Alias Description	Association Type	Votes
The Scattered Spider Threat Actor is associated with Rover. Scattered Spider, also known as Octo Tempest, 0ktapus, and UNC3944, is a notorious threat actor group involved in major data extortion campaigns. This cybercriminal group has been associated with high-profile attacks on organizations like Caesars Entertainment and MGM, often in collaboration with th	Unspecified	2
The Shinyhunters Threat Actor is associated with Rover. ShinyHunters, a notorious threat actor group, has been involved in several significant data breaches, posing a serious cybersecurity concern for businesses worldwide. The group is known for its malicious activities targeting corporate entities, with the intent of stealing proprietary information. Be	Unspecified	2

Source Document References

Information about the Rover Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Securityaffairs	3 days ago	Security Affairs newsletter Round 544 by Pierluigi Paganini – INTERNATIONAL EDITION - Security Affairs
InfoSecurity-magazine	8 days ago	Asahi Suspends Operations in Japan After Cyber-Attack
Securityaffairs	8 days ago	UK grants £1.5B loan to Jaguar Land Rover after cyberattack
InfoSecurity-magazine	12 days ago	JLR Begins Phased Restart of Operations After Cyber-Attack
InfoSecurity-magazine	15 days ago	Jaguar Land Rover Extends Production Pause Again
InfoSecurity-magazine	15 days ago	Car Giant Stellantis Confims Third-Party Breach
InfoSecurity-magazine	16 days ago	Organizations Must Update Defenses to Scattered Spider Tactics, Expert
Securityaffairs	20 days ago	Jaguar Land Rover will extend its production halt into a third week following a cyberattack
InfoSecurity-magazine	22 days ago	JLR Extends Production Halt After Cyber-Attack
Securityaffairs	24 days ago	Security Affairs newsletter Round 541 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	a month ago	Jaguar Land Rover discloses a data breach after recent cyberattack
Checkpoint	a month ago	8th September – Threat Intelligence Report - Check Point Research
Securityaffairs	a month ago	Security Affairs newsletter Round 540 by Pierluigi Paganini – INTERNATIONAL EDITION
InfoSecurity-magazine	a month ago	Scattered Spider-Linked Group Claims JLR Cyber-Attack
Securityaffairs	a month ago	Jaguar Land Rover shuts down systems after cyberattack
InfoSecurity-magazine	a month ago	Jaguar Cyber Incident
Securelist	4 months ago	Desktop and IoT threat statistics for Q1 2025
Securityaffairs	6 months ago	Security Affairs newsletter Round 516 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	a year ago	Hacking Kia cars made after 2013 using just their license plate
CERT-EU	2 years ago	Tech news recap: the biggest stories of 2023