Recently, the SonicWall Capture Labs threat research team has identified various malware strains being distributed through a custom VMDetector Loader. This loader is typically delivered to the victim’s system via image files embedded with steganography. The primary payloads observed include popular malware families such as Remcos, VIPKeyLogger, AveMariaRAT, DCRAT, FormBook, and others.
Attackers send an email with an archive file that includes either JavaScript, VBScript, or HTA content. The embedded scripts employ basic obfuscation through string replacement and base64 encoding, making them appear benign while evading straightforward detection.
Read more…
Source: Sonicwall
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Mobile Rotexy Malware Touts Ransomware, Banking Trojan Functions
November 26, 2018
A mobile malware has accelerated its activity in 2018, launching more than 70k attacks in August through October. Mobile malware, dubbed Rotexy, has evolved from being spyware to now a dangerous banking trojan packing a host of new clever features. Researchers report 70,000 attacks between August and October with targets primarily based in Russia. In a technical brief released ...
- Rowhammer attacks can now bypass ECC memory protections
November 22, 2018
Academics from the Vrije University in Amsterdam, Holland, have published a research paper today describing a new variation of the Rowhammer attack. For readers unfamiliar with the term, Rowhammer is the name of a class of exploits that takes advantage of a hardware design flaw in modern memory cards. By default, a memory card stores temporary data ...
- Lazarus APT Uses Modular Backdoor to Target Financial Institutions
November 21, 2018
The advanced persistent threat group Lazarus with North Korean links has been observed using a modular backdoor during last week to compromise a series of Latin American financial institutions by Trend Micro’s Lenart Bermejo and Joelson Soares. As unearthed by the Trend Micro research team, the APT38 threat group successfully compromised a number of computing systems ...
- L0rdix becomes the new Swiss Army knife of Windows hacking
November 21, 2018
A new hacking tool making the rounds in underground forums has been deemed the latest “go-to” universal offering for attackers targeting Microsoft Windows PCs. The software is called L0rdix and according to cybersecurity researchers from enSilo is “aimed at infecting Windows-based machines, combines stealing and cryptocurrency mining methods, can avoid malware analysis tools.” In a blog ...
- Russia’s Elite Hackers May Have New Phishing Tricks
November 20, 2018
A major question hanging over the United States midterm election season: Where was Russia? But while GRU hackersdidn’t directly interfere, they appear to be as active as ever. New research from two threat intelligence firms indicates that two prominent Russia-linked groups have been developing some clever phishing innovations, and are working purposefully to expand their reach. “There’s a lot of ramping ...
- True Identity of Notorious Hacker tessa88 Revealed
November 20, 2018
In early 2016, a previously unknown hacker operating under the alias of tessa88 publicly emerged after offering an extensive list of compromised, high-profile databases for sale. The hacker offered for sale the databases of companies such as VKontakte, Mobango, Myspace, Badoo, QIP, Dropbox, Rambler, LinkedIn, and Twitter, among others. Within several months of incredibly active ...