Trend Micro found that the threat arrived with file exfiltration, remote desktop access and other functions common among malware strains. However, it also creates scheduled tasks for the purpose of infecting the machine with BIOPASS RAT malware. Both programs are already deprecated.Įach installer downloads the real application. This message instructs them to download an updated version of either Adobe Flash Player or Microsoft Silverlight. Next, it replaces the real page’s content with a page that displays an error message. From there, they could load either the BIOPASS RAT or Cobalt Strike.įirst, the injection script scans for signs of existing infection. The campaign begins with a watering hole attack, where attackers compromise a website by placing an injection script into a target’s online chat support page. Read on to learn about a unique attempt that BIOPASS uses to sniff a victim’s screen. In addition, they discovered it was spread in conjunction with the Cobalt Strike malware. The security firm dubbed this threat ‘BIOPASS RAT’ (for remote access Trojan). In one scenario detected by Trend Micro, the campaign dropped a previously undocumented backdoor written in Python. Researchers discovered a new attack campaign targeting online gambling companies in China with one of two malware payloads.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |