In December 2024, Palo Alto Unit 42 researchers uncovered an attack chain that employs distinct, multi-layered stages to deliver malware like Agent Tesla variants, Remcos RAT or XLoader.
Attackers increasingly rely on such complex delivery mechanisms to evade detection, bypass traditional sandboxes, and ensure successful payload delivery and execution. The phishing campaign we analyzed used deceptive emails posing as an order release request to deliver a malicious attachment. This multi-layered attack chain leverages multiple execution paths to evade detection and complicate analysis.
Read more…
Source: Palo Alto Unit 42
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Attacks on critical infrastructure are dangerous. Soon they could turn deadly, warn analysts
July 22, 2021
Tech analyst firm Gartner reckons that hackers will have turned computer systems into weapons to the point that they could injure or kill humans by 2025, and that beyond the human tragedy it will cost businesses $50 billion to remediate across IT systems, litigation and compensation. Past malware attacks, such as Stuxnet, which is believed to ...
- NPM Package Steals Passwords via Chrome’s Account-Recovery Tool
July 21, 2021
A credentials-stealing code bomb that uses legitimate password-recovery tools in Google’s Chrome web browser was found lurking in the npm open-source code repository, waiting to be planted within the sprawling galaxy of apps that pull code from that source. Researchers caught the malware filching credentials from Chrome on Windows systems. The password-stealer is multifunctional: It also ...
- MacOS Being Picked Apart by $49 XLoader Data Stealer
July 21, 2021
There’s a new version of the old FormBook form-stealer and keylogger that’s added Mac users to its hit list, and it’s selling like hotcakes on underground markets for as low as $49. It’s not only cheap; it’s easy. The data stealer is distributed in the form of malware-as-a-service (MaaS) and stands out from competing malware by ...
- France warns of APT31 cyberspies targeting French organizations
July 21, 2021
Today, the French national cyber-security agency warned of an ongoing series of attacks against a large number of French organizations coordinated by the Chinese-backed APT31 hacking group. “It appears from our investigations that the threat actor uses a network of compromised home routers as operational relay boxes in order to perform stealth reconnaissance as well as ...
- StrongPity APT Group Deploys Android Malware for the First Time
July 21, 2021
We recently conducted an investigation into a malicious Android malware sample, which we believe can be attributed to the StrongPity APT group, that was posted on the Syrian e-Gov website. To the best of our knowledge, this is the first time that the group has been publicly observed using malicious Android applications as part of ...
- DHS Announces New Cybersecurity Requirements for Critical Pipeline Owners and Operators
July 20, 2021
WASHINGTON – Today, in response to the ongoing cybersecurity threat to pipeline systems, DHS’s Transportation Security Administration (TSA) announced the issuance of a second Security Directive that requires owners and operators of TSA-designated critical pipelines that transport hazardous liquids and natural gas to implement a number of urgently needed protections against cyber intrusions. “The lives and ...

