Recently, the SonicWall Capture Labs threat research team has identified various malware strains being distributed through a custom VMDetector Loader. This loader is typically delivered to the victim’s system via image files embedded with steganography. The primary payloads observed include popular malware families such as Remcos, VIPKeyLogger, AveMariaRAT, DCRAT, FormBook, and others.
Attackers send an email with an archive file that includes either JavaScript, VBScript, or HTA content. The embedded scripts employ basic obfuscation through string replacement and base64 encoding, making them appear benign while evading straightforward detection.
Read more…
Source: Sonicwall
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- New Rorschach ransomware is the fastest encryptor seen so far
April 4, 2023
Following a cyberattack on a U.S.-based company, malware researchers discovered what appears to be a new ransomware strain with “technically unique features,” which they named Rorschach. Among the capabilities observed is the encryption speed, which, according to tests from the researchers, would make Rorschach the fastest ransomware threat today. Read more… Source: Bleeping Computer
- Uber driver info stolen yet again: This time from law firm
April 4, 2023
Uber has had more of its internal data stolen from a third party that suffered a security breach. This time, the personal info of the app’s drivers was swiped by miscreants from the IT systems of law firm Genova Burns. In a letter to affected drivers, the lawyers said they had looked into the intrusion, and ...
- Western Digital suffers cyber attack, shuts down systems
April 3, 2023
The company said on 3 April that it identified a network security incident on 26 March. It confirmed that an unauthorised third party gained access to a number of the company’s systems. After realising it had been breached, Western Digital enacted its incident response protocols and hired external security and forensic experts. Read more… Source: IT Pro
- Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack
April 3, 2023
On March 29, Crowdstrike published a report about a supply chain attack conducted via 3CXDesktopApp, a popular VoIP program. Since then, the security community has started analyzing the attack and sharing their findings. The following has been discovered so far: The infection is spread via 3CXDesktopApp MSI installers. An installer for macOS has also been trojanized. The ...
- Unpacking the Structure of Modern Cybercrime Organizations
April 3, 2023
Trend Micro reearchers examine three differently sized criminal groups to know how they compare to similarly sized legitimate businesses in terms of how they are organized. Trend Micro also discuss how threat researchers can use their knowledge of the size and structure of a target criminal organization to aid their investigation. The last 20 years have ...
- CISA Adds One Known Exploited Vulnerability to Catalog
April 3, 2023
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation. CVE-2022-27926 Zimbra Collaboration (ZCS) Cross-Site Scripting (XSS) Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency