Facebook   Tumblr   LinkedIn

Malware uses Obfuscation To Avoid AV

Walden Systems Geeks Corner News Malware uses Obfuscation To Avoid AV Rutherford NJ New Jersey NYC New York City North Bergen County
Rita gives you full control of what sites your employees visit. Rita can block sites that eat up your precious bandwidth such as media streaming sites. Rita enables you full control of what sites your employees can and cannot visit. Rita gives you the ability to block undesirable sites by wildcard or by name. Rita gives you the ability to determine which computers will be blocked and which will be allowed. With Rita, you can block access to sensitive servers within your LAN.

An active threat customizes droppers to infect machines and steal credentials and other data from browsers. Researchers warn hackers are putting a new spin on old injection techniques and successfully end-running endpoint protection. They are tracking a campaign, that kicked off in January, that is still going strong exploiting weaknesses in web browsers. The objective is to hide in the background of infected systems in order to steal user passwords, track online habits and hijack personal information.

The hackers use custom droppers, which inject the final malware into common processes on the machines. Once infected, the malware can steal information from many popular pieces of software, including the Google Chrome, Safari and Firefox web browsers. Hackers are using injection techniques that have been used for many years, but with new, custom capabilities that are making them difficult for anti-virus protections to detect.

The first stage is typically from an email with a malicious attachment that is actually an ARJ archive technology from the 1990s used by software pirates to convert files into archives. Instead of splitting into multiple files, however, hackers in the recent dropper campaigns attach a single executable file to the attachment. Hackers are using this old archive format because they hope to bypass weak email security gateways.

If the file is opened, it goes through several more processes to elude detection, including decryption just before runtime, and never on the hard drive. In this way, it can inject a dropper onto a victim's machine, such as AgentTesla, that is capable of stealing credentials from most browsers, email clients, SSH/SFTP/FTP clients and other software.

This attack is more evidence of how hackers are crafting modern malware to fly under the radar and avoid detection by current AV and basic security protections. Any internet user is a potential target of this malware, and if infected, has the potential to completely take away a user’s online privacy.