Inside The Box: Malware’s New Playground


Over the past few months, we have been monitoring the increasing abuse of BoxedApp products in the wild. BoxedApp products are commercial packers that provide advanced features such as Virtual Storage (Virtual File System, Virtual Registry), Virtual Processes, and a universal instrumentation system (WIN/NT API hooking).

Even though BoxedApp has been commercially available for a while, in the past year we detected a significant increase in its abuse to deploy numerous known malware families, primarily related to RATs and stealers. The majority of the attributed malicious samples targeted financial institutions and government industries.

Read more…
Source: Check Point


Sign up for our Newsletter


Related:

  • DuneQuixote campaign targets Middle Eastern entities with “CR4T” malware

    April 18, 2024

    In February 2024, Kaspersky researchers discovered a new malware campaign targeting government entities in the Middle East. They dubbed it “DuneQuixote”; and their investigation uncovered over 30 DuneQuixote dropper samples actively employed in the campaign. These droppers, which exist in two versions – regular droppers and tampered installer files for a legitimate tool named “Total Commander”, ...

  • #StopRansomware: Akira Ransomware summary

    April 18, 2024

    Since March 2023, Akira ransomware has impacted a wide range of businesses and critical infrastructure entities in North America, Europe, and Australia. In April 2023, following an initial focus on Windows systems, Akira threat actors deployed a Linux variant targeting VMware ESXi virtual machines. As of January 1, 2024, the ransomware group has impacted over 250 ...

  • SoumniBot: the new Android banker’s unique techniques

    April 17, 2024

    The creators of widespread malware programs often employ various tools that hinder code detection and analysis, and Android malware is no exception. As an example of this, droppers, such as Badpack and Hqwar, designed for stealthily delivering Trojan bankers or spyware to smartphones, are very popular among malicious actors who attack mobile devices. That said, we ...

  • ScrubCrypt Deploys VenomRAT with an Arsenal of Plugins

    April 8, 2024

    Last year, FortiGuard Labs uncovered the 8220 Gang’s utilization of ScrubCrypt to launch attacks targeting exploitable Oracle WebLogic Servers. ScrubCrypt has been described as an “antivirus evasion tool” that converts executables into undetectable batch files. It offers several options to manipulate malware, making it more challenging for antivirus products to detect. FortiGuard Labs recently discovered a ...

  • Byakugan – The Malware Behind a Phishing Attack

    April 4, 2024

    In January 2024, FortiGuard Labs collected a PDF file written in Portuguese that distributes a multi-functional malware known as Byakugan. The PDF image shows a blurred table and asks the victim to click the malicious link on the PDF file to see the content. Once the link is clicked, a downloader is downloaded. The downloader drops ...

  • LazyStealer: Sophisticated does not mean better

    April 4, 2024

    In the first quarter of 2024, researchers from Positive Technologies Expert Security Center (PT ESC) detected a series of attacks targeting government organizations in Russia, Belarus, Kazakhstan, Uzbekistan, Kyrgyzstan, Tajikistan, and Armenia. The research team could not find any links to known groups that used the same techniques. The main goal of the attack was stealing ...