Dangerous new malware dances past more than 50 antivirus services
source link: https://www.techradar.com/news/dangerous-new-malware-dances-past-more-than-50-antivirus-services
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Dangerous new malware dances past more than 50 antivirus services
(Image credit: Shutterstock / ozrimoz)
Researchers have discovered a new malware sample capable of hiding from more than 50 antivirus (opens in new tab) products available on the market right now.
The malware was discovered by cybersecurity researchers from Unit 42, the threat intelligence team at Palo Alto Networks. The team first spotted the strain in May, when it discovered that it was built using the Brute Ratel (BRC4) tool.
BRC4’s developers claim to have even reverse-engineered popular antivirus products, to make sure their tool avoids detection.
The quality of the design and the speed at which it was distributed between the victims' endpoints has convinced the researchers that a state-sponsored actor is behind the campaign.
Russian methods
While the tool itself is dangerous, the researchers were more interested in its distribution path, which indicates a state-sponsored actor is in play.
The malware is being distributed in the form of a fake CV document. The CV is an ISO file that, once mounted onto a virtual drive, displays something resembling a Microsoft Word document.
While the researchers still can’t pinpoint exactly who the threat actor behind BRC4 is, they suspect Russian-based APT29 (AKA Cozy Bear), which has used weaponized ISOs in the past.
Another hint suggesting that a state-sponsored actor is in play is the speed at which BRC4 was leveraged. The ISO was created the same day the latest version of BRC4 was published.
"The analysis of the two samples described in this blog, as well as the advanced tradecraft used to package these payloads, make it clear that malicious cyber actors have begun to adopt this capability," Unit 42 wrote in a blog post.
"We believe it is imperative that all security vendors create protections to detect BRC4 and that all organizations take proactive measures to defend against this tool."
- Keep your devices safe with the best ransomware protection (opens in new tab) services right now
Recommend
-
49
Researchers have found a way to run malicious code on systems with Intel processors in such a way that the malware can't be analyzed or identified by antivirus software,...
-
6
-
13
TechElon Musk breaks out the dance moves as he opens new Tesla factory in GermanyPublished Tue, Mar 22 20226:46 AM EDTUpdated Wed, Mar 23 20226:32 A...
-
5
News Analysis Rare and dangerous Incontroller malware targets ICS operations A coalition of U.S. gover...
-
11
Spotify dances to the open source beat Dancing illustrationImage Credit: Spotif...
-
8
Community Dangerous malware is up 86%: Here’s how AI can help Image Credit: traffic_analyzer/Getty
-
10
Android 13's squiggly media player dances to the music with you By Will Sattelberg Published 23 hours ago It's grooving along to your favorite song...
-
8
How TikTok dances trained AI to perceive depth Skip to main content
-
8
Virtual Party Dances Onto Quest This Week Skip to content Please disable your ad block...
-
10
Britney Spears Dances While Changing Outfits in White Wedged BootsAaron RoyceMon, December 25, 2023, 3:01 AM GM...
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK