Cascading Shadows: An Attack Chain Approach to Avoid Detection and Complicate Analysis


In December 2024, Palo Alto Unit 42 researchers uncovered an attack chain that employs distinct, multi-layered stages to deliver malware like Agent Tesla variants, Remcos RAT or XLoader.

Attackers increasingly rely on such complex delivery mechanisms to evade detection, bypass traditional sandboxes, and ensure successful payload delivery and execution. The phishing campaign we analyzed used deceptive emails posing as an order release request to deliver a malicious attachment. This multi-layered attack chain leverages multiple execution paths to evade detection and complicate analysis.

Read more…
Source: Palo Alto Unit 42


Sign up for our Newsletter
The latest news and insights delivered right to your inbox.


Related:

  • PuzzleMaker attacks with Chrome zero-day exploit chain

    June 8, 2021

    On April 14-15, 2021, Kaspersky technologies detected a wave of highly targeted attacks against multiple companies. Closer analysis revealed that all these attacks exploited a chain of Google Chrome and Microsoft Windows zero-day exploits. While we were not able to retrieve the exploit used for remote code execution (RCE) in the Chrome web browser, we ...

  • Gootkit: the cautious Trojan

    June 7, 2021

    Gootkit is complex multi-stage banking malware that was discovered for the first time by Doctor Web in 2014. Initially it was distributed via spam and exploits kits such as Spelevo and RIG. In conjunction with spam campaigns, the adversaries later switched to compromised websites where the visitors are tricked into downloading the malware. Gootkit is capable ...

  • Siloscape: First Known Malware Targeting Windows Containers to Compromise Cloud Environments

    June 7, 2021

    In March 2021, I uncovered the first known malware targeting Windows containers, a development that is not surprising given the massive surge in cloud adoption over the past few years. I named the malware Siloscape (sounds like silo escape) because its primary goal is to escape the container, and in Windows this is implemented mainly ...

  • Novel ‘Victory’ Backdoor Spotted in Chinese APT Campaign

    June 7, 2021

    An ongoing surveillance operation has been uncovered that targets a Southeast Asian government, researchers said – using a previously unknown espionage malware. According to Check Point Research, the attack involves spear-phishing emails with malicious Word documents to gain initial access, along with the exploitation of older, known Microsoft Office security vulnerabilities. But most notable, researchers said, ...

  • Securing Computerized Vehicles from Potential Cybersecurity Threats

    June 6, 2021

    Like technology itself, cybersecurity is ever-evolving and encompassing more areas of our lives, including transportation. Popular science fiction movies have led us to expect flying taxis and private space travel as the future of transportation. If that is going to become an eventual reality, the first steps towards that future are “smart cars” and automated ...

  • REvil Ransomware Gang Spill Details on US Attacks

    June 4, 2021

    Cybercriminals behind the JBS Foods ransomware attack claim they had no intent to target United States-based firms. The group, identified as the Sodinokibi REvil ransomware gang, also said it was not afraid of being labeled a cyber-terrorist group. A spokesperson for REvil shared its positions in an interview on a YouTube and Telegram channel called Russian ...