Tag: Multistage | SpinSafe

Hackers are loading SVG files with multi-stage malware in new phishing attack

April 9, 2024/in Computer Security

A sophisticated new phishing attack was spotted in the wild, leveraging a wide variety of tools to bypass antivirus protections and ultimately deliver different Remote Access Trojan (RAT) malware.

According to cybersecurity researchers at Fortinet, an unidentified threat actor was seen sending phishing emails, stating a shipment has been delivered, and attaching an invoice. This attachment, however, is a Scalable Vector Graphics (SVG) file which, when run, triggers the infection sequence.

The SVG file drops a ZIP archive created with BatCloak – a tool designed to help malware bypass antivirus protection. This archive unpacks a ScrubCrypt batch file, which is another antivirus-evading tool which, in turn, sets up persistence, and bypasses AMSI and ETW protections to deliver the Venom RAT.

Rat infestation

While ScrubCrypt was first seen last year, and linked to the 8220 Gang threat actor, Fortinet does not mention if the same group was behind this campaign as well.

Venom RAT is described as a fork of Quasar RAT, and a powerful remote access trojan allowing threat actors full system takeover, sensitive data exfiltration, and more.

“While Venom RAT’s primary program may appear straightforward, it maintains communication channels with the C2 server to acquire additional plugins for various activities,” the researchers said in the report. “This includes Venom RAT v6.0.3 with keylogger capabilities, NanoCore RAT, XWorm, and Remcos RAT.

“This [Remcos RAT] plugin was distributed from VenomRAT’s C2 using three methods: an obfuscated VBS script named ‘remcos.vbs,’ ScrubCrypt, and Guloader PowerShell,” they added.

Besides Venom RAT, the researchers observed the malware dropping Remcos RAT, XWorm, NanoCore RAT, and a stealer that grabs information from cryptocurrency wallets such as Atomic Wallet, Electrum, Exodus, Jaxx Liberty, and others. Information from Foxmail and Telegram were also being exfiltrated to a remote server, they concluded.

The best way to protect against these attacks is to be extra careful when receiving emails with links, attachments, or similar…

Source…

Multi-stage malware sneaks into Google Play

November 19, 2017/in Mobile Security

Multi-stage malware sneaks into Google Play We Live Security (blog)

You can now talk to Google Assistant on your Nexus Player Android Authority (blog)
UC Browser has been taken down from Google Play Store : Android – Reddit Reddit

Full coverage

android security news – read more

Review: FireEye fights off multi-stage malware

December 27, 2014/in Computer Security

You can’t see some malware until it’s too late. Sophisticated attacks arrive in pieces, each seemingly benign. Once these advanced attacks reassemble, the target is already compromised.

FireEye takes a new approach to malware detection with its NX appliances. As this Clear Choice test shows, the FireEye device allows advanced malware to proceed – but only onto virtual machines running inside the appliance.

In our tests, the FireEye appliance performed flawlessly. It detected all the multi-stage malware samples we threw at it, including some involving recent zero-day exploits. The top-of-the-line NX 10000 ran at speeds beyond 4Gbps in inline mode, and at better than 9Gbps in tap mode, both with and without attack traffic present.

To read this article in full or to leave a comment, please click here

Network World Security

Security Researchers Find Multistage Android Malware on Google Play – PCWorld (blog)

July 12, 2012/in Mobile Security

Moneycontrol.com

Security Researchers Find Multistage Android Malware on Google Play
PCWorld (blog)
… user is likely to assume that the additional apps also originate from there. Symantec detects the two newly found malware apps as Android.Dropdialer. The Android security team immediately removed the threat after being notified by Symantec, Asrar said.
Android Dropdialer Trojan poses as games on Google PlayBetaNews
Warning: GTA, Super Mario on Google Play are Android malwareZDNet (blog)
Android Malware shows Limitations of Google's SecurityIBTimes.co.uk
IT PRO
all 51 news articles »

“android security” – read more

Tag Archive for: Multistage