
We observed this transformation of trojans in The modern cybersecurity landscape: Scaling for threats in motion, published in November 2020. In that report, we cited Emotet and Ursnif/Gozi as examples of trojans that have evolved into bigger and badder things.

Some of the reasons why attackers reuse malware include:

1. Their “Swiss Army knife” abilities allow them to deploy follow-up malware in a Loader-as-a-Service model that does further damage down the cyberattack chain.
2. Their highly distributed command-and-control (C2) infrastructure makes takedown much harder to implement.

But there are more tricks that make these the workhorses of unauthorized hackers.

Like any productive software, malicious actors are continuously updating trojans using C2 infrastructure. Our first example, Taidoor, is a RAT connected to Chinese government actors, as assessed by the United States Federal Bureau of Investigation (FBI) with high confidence. This is one of the oldest trojans still circulating. The new version of the RAT consists of two parts: a loader in DLL form and a main RAT module that comes as RC4-encrypted binary data. The loader first decrypts the encrypted main RAT module and then executes its exported start function. Malicious actors are using malware variants in conjunction with proxy servers to maintain a presence on victim networks and to further network exploitation. We know that this RAT module has variants that trace back to 2011.

A blog post published in September 2020 from Reversing Labs documents this and notes: “(M)alware families require a lot of maintenance and improvement to achieve long-term operability. Even though such continuous upgrading helps malware avoid detection mechanisms, it also results in related malware versions.”

The bottom line is that a great deal of time and investment goes into malicious tools like this, and the owners will go to great lengths over time to keep the investment viable.
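The loader-plus-encrypted-module layout described for Taidoor above is what an analyst has to unpick on the bench. The following is an added example, not code from the original post and not derived from any Taidoor sample: it implements plain RC4, uses byte entropy to flag the encrypted blob carried by a loader, and tries candidate keys recovered during analysis until one yields a valid PE header. The key, the blob and the minimal PE stub are constructed for the demo.

```python
import math
from typing import Iterable, Optional


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Encryption and decryption are the same operation."""
    S = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:                         # pseudo-random generation + XOR
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte. RC4 output sits near 8.0; a zero-padded PE image sits far lower."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def looks_like_pe(data: bytes) -> bool:
    """Minimal PE sanity check: 'MZ' at offset 0 and 'PE\\0\\0' at e_lfanew."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def find_rc4_key(blob: bytes, candidates: Iterable[bytes]) -> Optional[bytes]:
    """Return the first candidate key under which the blob decrypts to a PE image."""
    for key in candidates:
        if looks_like_pe(rc4(key, blob)):
            return key
    return None


# Constructed stand-in for a main module: DOS header pointing at a PE signature, no code.
FAKE_MODULE = b"MZ" + b"\x00" * 0x3A + (0x40).to_bytes(4, "little") + b"PE\x00\x00" + b"\x00" * 200
DEMO_KEY = b"constructed-demo-key"           # assumption: key an analyst pulled from the loader
ENCRYPTED_BLOB = rc4(DEMO_KEY, FAKE_MODULE)  # what the loader would carry alongside itself
```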
