Recently, the SonicWall Capture Labs threat research team has identified various malware strains being distributed through a custom VMDetector Loader. This loader is typically delivered to the victim’s system via image files embedded with steganography. The primary payloads observed include popular malware families such as Remcos, VIPKeyLogger, AveMariaRAT, DCRAT, FormBook, and others.
Attackers send an email with an archive file that includes either JavaScript, VBScript, or HTA content. The embedded scripts employ basic obfuscation through string replacement and base64 encoding, making them appear benign while evading straightforward detection.
Read more…
Source: Sonicwall
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- RIG Exploit Kit still infects enterprise users via Internet Explorer
February 27, 2023
The RIG Exploit Kit is undergoing its most successful period, attempting roughly 2,000 intrusions daily and succeeding in about 30% of cases, the highest ratio in the service’s long operational history. By exploiting relatively old Internet Explorer vulnerabilities, RIG EK has been seen distributing various malware families, including Dridex, SmokeLoader, and RaccoonStealer. Read more… Source: Bleeping Computer
- A Deep Dive into the Evolution of Ransomware Part 3
February 27, 2023
Ransomware is an ever-growing problem that has wreaked havoc across a multitude of industries, with astronomical ransom demands leaving businesses and infrastructure feeling powerless. From major hospitals to enterprises – no sector was immune from the impact of ransomware’s widespread infiltration in recent years. Trend Micro researchers discussed what triggers threat actors from changing their business ...
- LastPass: DevOps engineer hacked to steal password vault data in 2022 breach
February 27, 2023
LastPass revealed more information on a “coordinated second attack,” where a threat actor accessed and stole data from the Amazon AWS cloud storage servers for over two months. LastPass disclosed a breach in December where threat actors stole partially encrypted password vault data and customer information. Read more… Source: Bleeping Computer
- News Corp says state hackers were on its network for two years
February 24, 2023
Mass media and publishing giant News Corporation (News Corp) says that attackers behind a breach disclosed in 2022 first gained access to its systems two years before, in February 2020. This was revealed in data breach notification letters sent to employees affected by the data breach, who had some of their personal and health information accessed, ...
- Clasiopa: New group targets materials research organization in Asia
February 23, 2023
A hitherto unknown attack group has been observed targeting a materials research organization in Asia. The group, which Symantec calls Clasiopa, is characterized by a distinct toolset, which includes one piece of custom malware (Backdoor.Atharvan). At present, there is no firm evidence on where Clasiopa is based or whom it acts on behalf. The infection vector ...
- Cyberattack on food giant Dole, temporarily shuts down North American production
February 23, 2023
Produce giant Dole was forced to temporarily shut down its production plants in North America and halt food shipments to grocery stores after being targeted in a cyberattack. The previously unreported hack, which a source familiar with the incident said was ransomware, led some grocery shoppers to complain on Facebook in recent days that store shelves ...