Inside The Box: Malware’s New Playground


Over the past few months, we have been monitoring the increasing abuse of BoxedApp products in the wild. BoxedApp products are commercial packers that provide advanced features such as Virtual Storage (Virtual File System, Virtual Registry), Virtual Processes, and a universal instrumentation system (WIN/NT API hooking).

Even though BoxedApp has been commercially available for a while, in the past year we detected a significant increase in its abuse to deploy numerous known malware families, primarily related to RATs and stealers. The majority of the attributed malicious samples targeted financial institutions and government industries.

Read more…
Source: Check Point


Sign up for our Newsletter


Related:

  • Raspberry Robin Malware Targets Telecom, Governments

    December 20, 2022

    Trend Micro researchers found a malware sample allegedly capable of connecting to the Tor network to deliver its payloads. Their initial analysis of the malware, which compromised a number of organizations toward the end of September, showed that while the main malware routine contains both the real and fake payloads, it loads the fake payload ...

  • Researchers smell a cryptomining Chaos RAT targeting Linux systems

    December 13, 2022

    A type of cryptomining malware targeting Linux-based systems has added capabilities by incorporating an open source remote access trojan called Chaos RAT with several advanced functions that bad guys can use to control remote operating systems. Trend Micro security researchers discovered the threat last month. Like earlier, similar versions of the miner that also target Linux ...

  • Crimeware trends: self-propagation and driver exploitation

    December 5, 2022

    If one sheep leaps over the ditch, the rest will follow. This is an old saying, found in various languages, and it can be applied to ransomware developers. In previous blog posts, Kaspersky researchers highlighted an increase in the popularity of platform-independent languages and ESXi support, and recently, Kaspersky published a research about ransomware borrowing ...

  • Always Another Secret: Lifting the Haze on China-nexus Espionage in Southeast Asia

    November 28, 2022

    Mandiant Managed Defense recently identified cyber espionage activity that heavily leverages USB devices as an initial infection vector and concentrates on the Philippines. Mandiant tracks this activity as UNC4191 and we assess it has a China nexus. UNC4191 operations have affected a range of public and private sector entities primarily in Southeast Asia and extending to ...

  • Get a Loda This: LodaRAT meets new friends

    November 17, 2022

    Since their first blog post in February of 2020 on the remote access tool (RAT) known as LodaRAT (or Loda), Cisco Talos has monitored its activity and covered their findings in subsequent blog posts. As a continuation of this series, this blog post details new variants and new behavior Cisco Talos researchers have observed while monitoring ...

  • Defeating Guloader Anti-Analysis Technique

    October 28, 2022

    Unit 42 researchers recently discovered a Guloader variant that contains a shellcode payload protected by anti-analysis techniques, which are meant to slow human analysts and sandboxes processing this sample. To help speed analysis for this sample and others like it, we are providing a complete Python script to deobfuscate the Guloader sample that is available ...