Recently, the SonicWall Capture Labs threat research team has identified various malware strains being distributed through a custom VMDetector Loader. This loader is typically delivered to the victim’s system via image files embedded with steganography. The primary payloads observed include popular malware families such as Remcos, VIPKeyLogger, AveMariaRAT, DCRAT, FormBook, and others.
Attackers send an email with an archive file that includes either JavaScript, VBScript, or HTA content. The embedded scripts employ basic obfuscation through string replacement and base64 encoding, making them appear benign while evading straightforward detection.
Read more…
Source: Sonicwall
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- FortiGuard Labs Discovers Multiple Vulnerabilities in Microsoft Message Queuing Service
July 24, 2023
Over the last few months, FortiGuard Labs has discovered and reported multiple vulnerabilities found in the Microsoft Message Queuing (MSMQ) service. Microsoft patched these vulnerabilities in the April and July 2023 security updates. These patches are rated as critical/important, and as always, we urge users to install them as soon as possible. Read more… Source: Fortinet Labs
- Spyhide stalkerware is spying on tens of thousands of phones
July 24, 2023
A phone surveillance app called Spyhide is stealthily collecting private phone data from tens of thousands of Android devices around the world, new data shows. Spyhide is a widely used stalkerware (or spouseware) app that is planted on a victim’s phone, often by someone with knowledge of their passcode. The app is designed to stay hidden ...
- North Korea Leverages SaaS Provider in a Targeted Supply Chain Attack
July 24, 2023
In July 2023, Mandiant Consulting responded to a supply chain compromise affecting a US-based software solutions entity. Mandiant researchers believe the compromise ultimately began as a result of a sophisticated spear phishing campaign aimed at JumpCloud, a zero-trust directory platform service used for identity and access management. JumpCloud reported this unauthorized access impacted fewer than five ...
- What is the status of US, Israel cyberwars?
July 22, 2023
On June 19, 2022, false rocket-warning sirens were activated in Jerusalem and Eilat, caused by a stunning cyber attack by Iran. Israel’s cyber authorities at the time tried to downplay the hack, which seemed to have significant national security implications. However, in a recent interview with The Jerusalem Post, Israel National Cyber Directorate Chief Gaby Portnoy ...
- US Army Hopes AI Will Give Soldiers An Information Advantage
July 21, 2023
The Army in recent years has introduced the concept of “information advantage,” in which soldiers have the ability to make decisions and act faster than their adversaries. The service now believes artificial intelligence is the key to making the strategy a reality. Both in industry and the Defense Department, many are exploring the possibility of utilizing ...
- First known open-source software attacks on banking sector could kickstart long-running trend
July 21, 2023
Application security provider Checkmarx has detailed its findings on the first known open-source software (OSS) attacks targeting the banking sector. During the first half of 2023, the firm said its supply chain research team detected several OSS attacks that showcased advanced techniques designed to exploit legitimate services – such as attaching malicious functionalities to specific components ...