by Jaromir Horejsi, Joseph C. Chen, and Loseway Lu – We noticed a series of testing submissions in VirusTotal that apparently came from the same group of malware developers in Moldova, at least based on the filenames and the submissions’ source.
It appears they are working on a new malware that — based on how they were coded — is most likely intended to spread through spam emails embedded with malicious attachments. Trend Micro detects this malware as JS_DLOADR and W2KM_DLOADR.
The downloader malware’s payloads (TROJ_SPYSIVIT.A and JAVA_SPYSIVIT.A) are what make it notable. It delivers a version of the Revisit remote administration tool, which is used to hijack the infected system. More importantly, it also delivers a malicious extension that could serve as a backdoor, stealing information keyed in on browsers.
Abusing legitimate remote access tools (and stealing their configurations) is not new…
Read more at: Malicious Edge and Chrome Extension Used to Deliver Backdoor
Source: TrendLabs Malware Blog
Comments and questions
If you would like to comment on this article or have a question about it, please always do so on the publisher’s page!
Latest from TrendLabs Malware Blog
- Viro Botnet Ransomware Breaks Through
- September Patch Tuesday: Windows Fixes ALPC Elevation of Privilege, Remote Code Execution Vulnerabilities
- A Closer Look at the Locky Poser, PyLocky Ransomware
- Stolen Data from Chinese Hotel Chain and Other Illicit Products Sold in Deep Web Forum
- The Urpage Connection to Bahamut, Confucius and Patchwork
- IQY and PowerShell Abused by Spam Campaign to Infect Users in Japan with BEBLOH and URSNIF
- Supply Chain Attack Operation Red Signature Targets South Korean Organizations
- Use-after-free (UAF) Vulnerability CVE-2018-8373 in VBScript Engine Affects Internet Explorer to Run Shellcode
- August Patch Tuesday: A Tale of Two Zero-Days
- Ransomware as a Service Princess Evolution Looking for Affiliates
This information appears independently of the article!