ScrubCrypt Deploys VenomRAT with an Arsenal of Plugins

Last year, FortiGuard Labs uncovered the 8220 Gang’s use of ScrubCrypt in attacks targeting exploitable Oracle WebLogic Servers.

ScrubCrypt has been described as an “antivirus evasion tool” that converts executables into undetectable batch files. It offers several options for manipulating malware, making it more challenging for antivirus products to detect. FortiGuard Labs recently discovered a threat actor distributing a phishing email containing malicious Scalable Vector Graphics (SVG) files. The email lures victims into clicking on an attachment, which downloads a ZIP file containing a batch file obfuscated with the BatCloak tool. ScrubCrypt is then used to load the final payload, VenomRAT, while maintaining a connection with a command and control (C2) server to install plugins on victims’ environments.

Source: FortiGuard