Recently, the SonicWall Capture Labs threat research team has identified various malware strains being distributed through a custom VMDetector Loader. This loader is typically delivered to the victim’s system via image files embedded with steganography. The primary payloads observed include popular malware families such as Remcos, VIPKeyLogger, AveMariaRAT, DCRAT, FormBook, and others.
Attackers send an email with an archive file that includes either JavaScript, VBScript, or HTA content. The embedded scripts employ basic obfuscation through string replacement and base64 encoding, making them appear benign while evading straightforward detection.
Read more…
Source: Sonicwall
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Warehouse belonging to Chinese payment terminal manufacturer raided by FBI
October 27, 2021
US feds were spotted raiding a warehouse belonging to Chinese payment terminal manufacturer PAX Technology in Jacksonville, Florida, on Tuesday, with speculation abounding that the machines contained preinstalled malware. PAX Technology is headquartered in Shenzhen, China, and is one of the largest electronic payment providers in the world. It operates around 60 million point-of-sale (PoS) payment ...
- Meet Balikbayan Foxes: a threat group impersonating the Philippine gov’t
October 27, 2021
Proofpoint has uncovered a new, “highly active” threat group that is impersonating the Philippine government and businesses to spread Trojan malware. On Wednesday, researchers Selena Larson and Joe Wise said the threat actors, dubbed “Balikbayan Foxes” and tracked as TA2722, are concentrated in the Philippines but are targeting the shipping, logistics, manufacturing, pharmaceutical, business, and energy ...
- Iran struggles to relaunch petrol stations after cyber attack
October 27, 2021
Iran struggled Wednesday to restart its petrol distribution system after it was hit by an unprecedented cyber-attack which security officials said was launched from abroad. The unclaimed attack crippled the country’s system of government-issued electronic cards which motorists use to purchase heavily subsidised fuel. Long queues have formed outside petrol stations, angering motorists in a country already ...
- FBI: Ranzy Locker ransomware hit at least 30 US companies this year
October 26, 2021
The FBI said on Monday that Ranzy Locker ransomware operators had compromised at least 30 US companies this year from various industry sectors. “Unknown cyber criminals using Ranzy Locker ransomware had compromised more than 30 US businesses as of July 2021,” the FBI said in a TLP: WHITE flash alert. “The victims include the construction subsector of ...
- What To Expect in a Ransomware Negotiation
October 26, 2021
We all know the risk of a ransomware attack. Headlines of the latest victims might haunt the dreams of chief information security officers (CISOs) and security operations centers (SOCs) due to the multi-extortion models used by modern ransomware groups. We wanted to get a better understanding of what victims go through during the aftermath and recovery ...
- Money launderers for Russian hacking groups arrested in Ukraine
October 26, 2021
The Ukrainian cybercrime police force has arrested members of a group of money launderers and hackers at the request of U.S. intelligence services. In a press release by Ukraine’s SSU, law enforcement says the individuals engaged in large-scale international operations where they laundered tens of millions of USD for various hacking groups. To engage with their “clients,” ...