Recently, the SonicWall Capture Labs threat research team has identified various malware strains being distributed through a custom VMDetector Loader. This loader is typically delivered to the victim’s system via image files embedded with steganography. The primary payloads observed include popular malware families such as Remcos, VIPKeyLogger, AveMariaRAT, DCRAT, FormBook, and others.
Attackers send an email with an archive file that includes either JavaScript, VBScript, or HTA content. The embedded scripts employ basic obfuscation through string replacement and base64 encoding, making them appear benign while evading straightforward detection.
Read more…
Source: Sonicwall
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Canada: Cyber attack hits engineering giant with contracts for military bases, power plants
March 9, 2023
A Canadian engineering giant whose work involves critical military, power and transportation infrastructure across the country has been hit with a ransomware attack. Toronto-based Black & McDonald has so far refused to publicly comment on the cyberattack, while the Department of National Defence and other clients of the company have downplayed any impact or damage. Read more… Source: ...
- Suspected Chinese cyber spies target unpatched SonicWall devices
March 9, 2023
Suspected Chinese cyber criminals have zeroed in on unpatched SonicWall gateways and are infecting the devices with credential-stealing malware that persists through firmware upgrades, according to Mandiant. The spyware targets the SonicWall Secure Mobile Access (SMA) 100 Series – a gateway device that provides VPN access to remote users. Read more… Source: The Register
- Examining Ransomware Payments From a Data-Science Lens
March 9, 2023
Ransomware has come a long way since the Internet’s pre-cryptocurrency days. The advent of cryptocurrency was an important turning point in the evolution of this cyberthreat, as malicious actors are now no longer confined to available local or regional payment options when collecting ransom payments. The operation costs and monetization models of a ransomware group can be ...
- Fortinet warns of new critical unauthenticated RCE vulnerability
March 8, 2023
Fortinet has disclosed a “Critical” vulnerability impacting FortiOS and FortiProxy, which allows an unauthenticated attacker to execute arbitrary code or perform denial of service (DoS) on the GUI of vulnerable devices using specially crafted requests. This buffer underflow vulnerability is tracked as CVE-2023-25610 and has a CVSS v3 score of 9.3, rating it critical. This type ...
- These DrayTek routers are under actual attack – and there’s no patch
March 8, 2023
If you’re still using post-support DrayTek Vigor routers it may be time to junk them, or come up with some other workaround, as a cunning malware variant is setting up shop in the kit. The operators behind the Hiatus malware campaign are hijacking DrayTek Vigor router models 2960 and 3900 powered by MIPS, i386 and Arm-based ...
- New malware variant has “radio silence” mode to evade detection
March 7, 2023
The Sharp Panda cyber-espionage hacking group is targeting high-profile government entities in Vietnam, Thailand, and Indonesia with a new version of the ‘Soul’ malware framework. The particular malware was previously seen in espionage campaigns targeting critical Southeast Asian organizations, attributed to various Chinese APTs. Read more… Source: Bleeping Computer