Cyber scammers prey on potential breach victims. Washington State University involved in third-party data breach. Lawmakers call for investigation into illegal sharing of tax prep data.
MacOS info-stealers quickly evolve to evade XProtect detection
Multiple information stealers for the macOS platform have demonstrated the capability to evade detection even when security companies follow and report about new variants frequently. […]
Top 3 Malware Loaders of 2023 That Fueled 80% of Cyber Attacks
SOC teams find malware loaders challenging because different loaders, even those delivering the same malware, require distinct mitigations.
Loaders are also the key elements of initial network access and payload delivery, with remote-access software and post-exploitation tools being the payloads most commonly sought.
Detecting a malware loader does not always mean the network has been compromised; sometimes the kill chain is stopped at this early stage.
Cybersecurity analysts at ReliaQuest have recently identified the malware loaders observed to be the most active in 2023.
Unveiled Malware Loaders
Below are the malware loaders recently identified by the cybersecurity experts at ReliaQuest:
QakBot
QakBot started as a banking trojan and swiftly evolved to add more functions. Beyond network entry, it does the following:
Spreads payloads
Steals data
Aids lateral movement
Enables remote execution
QakBot (Qbot) is linked to the “Black Basta” ransomware gang, and it performs discovery, C2 communication, information relay, and payload dropping for post-exploitation goals.
QakBot swiftly adapted to Microsoft’s Mark of the Web (MOTW) protections by using HTML smuggling. It also shifted payload file types, even using OneNote files in a February 2023 campaign against US entities.
SocGholish
SocGholish is a notorious JavaScript-based loader that primarily targets users and entities running Windows. This malware loader spreads through drive-by downloads on compromised websites, fooling visitors with fake Microsoft Teams and Adobe Flash updates.
SocGholish is tied to the Russia-based group “Evil Corp,” which targets US industries such as:
Accommodation
Retail
Law
It is also connected to “Exotic Lily,” an initial access broker that sells access gained through phishing to other threat actors, including ransomware groups.
This malware loader emerged in 2022, spreading through compromised websites and social engineering. With just a few clicks, it can impact entire domains or networks, and in 2023 it aggressively launched several watering hole attacks.
Raspberry Robin
Raspberry Robin is a highly elusive worm-turned-loader that targets users and entities running Microsoft Windows. It spreads through malicious USB devices, using LNK files to trigger native Windows processes that download its DLL.
This malware loader also uses many techniques to evade detection, including creating scheduled tasks and code injection.
Raspberry Robin is linked to multiple dangerous groups, including Evil Corp and Silence (aka Whisper Spider).
Besides the Cobalt Strike tool, threat actors use Raspberry Robin to deliver multiple variants of ransomware and other malware, including:
The Raspberry Robin malware loader is also linked to SocGholish operations against legal and financial services organizations in Q1 2023, signaling collaboration between crime syndicates.
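As an added illustration (not from the article or from ReliaQuest), the following Python sketch applies a defensive heuristic to the chain described above: a native Windows binary launched with its working directory on removable media, followed by scheduled-task creation somewhere in its process tree. The event records, field names and the drive-letter rule are constructed assumptions, not real telemetry.

```python
import re

# Constructed process-creation records shaped like Sysmon Event ID 1 fields.
# Sample data written for this example, not real telemetry.
EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe",
     "cmdline": "explorer.exe", "cwd": r"C:\Users\ann\\"},
    # A LNK on a USB stick makes explorer launch a native Windows binary
    # whose working directory is the removable volume.
    {"pid": 201, "ppid": 100, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd.exe /c start "" "E:\Docs.lnk"', "cwd": r"E:\\"},
    # The chain then registers a scheduled task for persistence.
    {"pid": 202, "ppid": 201, "image": r"C:\Windows\System32\schtasks.exe",
     "cmdline": r'schtasks.exe /create /tn Updater /tr "C:\Users\Public\l.dll"',
     "cwd": r"E:\\"},
    # Benign: an admin creates a task from an ordinary session on the system drive.
    {"pid": 301, "ppid": 1, "image": r"C:\Windows\System32\schtasks.exe",
     "cmdline": "schtasks.exe /create /tn Backup /tr backup.exe /sc daily",
     "cwd": r"C:\Users\it\\"},
]

# Assumption: any drive letter other than C: is treated as removable media.
# Real telemetry should use the volume type rather than the letter.
REMOVABLE = re.compile(r"^[D-Z]:\\", re.I)
NATIVE_BIN = re.compile(r"^C:\\Windows\\(System32\\)?[^\\]+\.exe$", re.I)

def is_task_creation(event):
    """True when the event is schtasks.exe being used to create a task."""
    return (event["image"].lower().endswith(r"\schtasks.exe")
            and "/create" in event["cmdline"].lower())

def native_from_removable(event):
    """True when a native Windows binary started with its cwd on removable media."""
    return bool(NATIVE_BIN.match(event["image"]) and REMOVABLE.match(event["cwd"]))

def find_usb_persistence_chains(events):
    """Return (ancestor_pid, schtasks_pid) pairs where a task creation descends
    from a native binary launched off removable media."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        if not is_task_creation(e):
            continue
        parent = by_pid.get(e["ppid"])
        while parent is not None:  # walk up the recorded process tree
            if native_from_removable(parent):
                hits.append((parent["pid"], e["pid"]))
                break
            parent = by_pid.get(parent["ppid"])
    return hits

if __name__ == "__main__":
    for anc, task in find_usb_persistence_chains(EVENTS):
        print(f"ALERT: schtasks pid {task} descends from removable-media launch pid {anc}")
```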