WhiteShadow downloader uses Microsoft SQL queries to deliver malicious payloads

Researchers have documented the emergence of a downloader that makes use of Microsoft SQL queries to pull and deliver malicious payloads.

In August this year, Proofpoint researchers found the new, staged downloader, known as WhiteShadow, which is being used to deliver a variety of malware to vulnerable systems.

The cybersecurity team said in a blog post on Thursday that WhiteShadow appears to be a “malware delivery service,” given its presence in campaigns used to spread malware including Remote Access Trojans (RATs) such as Crimson RAT, and Agent Tesla, AZORult, and keyloggers, among others.

Read more…
Source: ZDNet