Look y’all, it can’t be a political shitstorm ALL the time. We have to leave time for #infosec shitstorms too! Major new #malware on the loose.

Here’s the TLDR from the researchers:
#Securonix Threat Research has been tracking a stealthy malware campaign that uses an uncommon chain of #VHD abuse, script-based execution, self-parsing batch logic, fileless PowerShell injections and ultimately dropping #RAT. The attack leverages IPFS-hosted VHD files, extreme script obfuscation, runtime decryption, and in-memory shellcode injection into trusted Windows processes, never dropping a decrypted binary to disk.

In English: Malware is delivered via what looks like a PDF. This PDF will open and run a virtual hard drive (VHD), able to execute code without leaving a trace. It’s beautiful, but evil as fuck.

What to do? Don’t open files from unknown senders.
#deadvax

https://www.securonix.com/blog/deadvax-threat-research-security-advisory/

Dead#Vax: Threat Research Security Advisory

Securonix Threat Research uncovers DEAD#VAX, a stealthy malware campaign abusing VHD files, fileless PowerShell, and in-memory RAT delivery to evade traditional detection.

Securonix
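The chain the researchers describe (script run off a mounted VHD, obfuscated PowerShell, then a thread injected into a trusted Windows process) is exactly the kind of thing you can correlate from endpoint telemetry rather than hoping users never open attachments. Below is an added example detector, not code from Securonix or from the advisory: it walks Sysmon-style events (EventID 1 ProcessCreate with Image/CommandLine, EventID 8 CreateRemoteThread with SourceImage/TargetImage) and alerts when two or more stages of the chain land on one host inside a time window. The sample events, host names, timestamps, command lines, the "trusted target" list and the regex heuristics are all constructed assumptions for illustration, not indicators from the real campaign.

```python
"""Toy correlation detector for a VHD -> script -> obfuscated PowerShell
-> remote-thread injection chain. Sample Sysmon-style events are
constructed inline; the heuristics are illustrative assumptions."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed set of Windows binaries an injector would pick as a "trusted" host.
TRUSTED_TARGETS = {"explorer.exe", "svchost.exe", "runtimebroker.exe",
                   "dllhost.exe", "notepad.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
SCRIPT_HOSTS = {"cmd.exe", "wscript.exe", "cscript.exe"} | POWERSHELL

# Heuristic markers of an obfuscated / in-memory PowerShell launch.
OBFUSCATED_PS = re.compile(
    r"-e(nc|ncodedcommand)?\s|frombase64string|\biex\b|invoke-expression"
    r"|-w(indowstyle)?\s+hidden",
    re.IGNORECASE,
)
# A script referenced by .vhd/.vhdx path, or living on a non-system drive
# letter (what a double-clicked VHD lure looks like once Explorer mounts it).
VHD_REF = re.compile(r"\.vhdx?\b", re.IGNORECASE)
OTHER_DRIVE = re.compile(r"\b[D-Z]:\\")

STAGE_ORDER = ["vhd_script_exec", "obfuscated_powershell",
               "remote_thread_into_trusted"]


def basename(path):
    """Lower-cased file name from a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def classify(evt):
    """Map one event to a stage of the chain, or None if it matches nothing."""
    if evt["EventID"] == 1:
        img = basename(evt["Image"])
        cmd = evt.get("CommandLine", "")
        if img in SCRIPT_HOSTS and (VHD_REF.search(cmd) or OTHER_DRIVE.search(cmd)):
            return "vhd_script_exec"
        if img in POWERSHELL and OBFUSCATED_PS.search(cmd):
            return "obfuscated_powershell"
    elif evt["EventID"] == 8:
        src = basename(evt["SourceImage"])
        tgt = basename(evt["TargetImage"])
        if src in POWERSHELL and tgt in TRUSTED_TARGETS:
            return "remote_thread_into_trusted"
    return None


def correlate(events, window=timedelta(minutes=10), min_stages=2):
    """Return {host: [stages]} for hosts where >= min_stages distinct stages
    occur within `window` of each other. A lone encoded PowerShell or a lone
    script on a USB stick is not enough on its own."""
    by_host = defaultdict(list)
    for evt in events:
        stage = classify(evt)
        if stage:
            by_host[evt["Computer"]].append(
                (datetime.fromisoformat(evt["UtcTime"]), stage))
    alerts = {}
    for host, hits in by_host.items():
        hits.sort()
        for t0, _ in hits:
            stages = {s for t, s in hits if t0 <= t <= t0 + window}
            if len(stages) >= min_stages:
                alerts[host] = [s for s in STAGE_ORDER if s in stages]
                break
    return alerts


# Constructed sample telemetry (simplified Sysmon field names, ISO timestamps).
PS_PATH = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "Computer": "WS01", "UtcTime": "2025-03-01T09:00:05",
     "Image": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "cmd.exe /c E:\\Invoice_2025.bat"},
    {"EventID": 1, "Computer": "WS01", "UtcTime": "2025-03-01T09:00:07",
     "Image": PS_PATH,
     "CommandLine": "powershell.exe -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA"},
    {"EventID": 8, "Computer": "WS01", "UtcTime": "2025-03-01T09:00:09",
     "SourceImage": PS_PATH, "TargetImage": "C:\\Windows\\explorer.exe"},
    # Benign admin activity on WS02: script on the system drive, plain PowerShell.
    {"EventID": 1, "Computer": "WS02", "UtcTime": "2025-03-01T09:05:00",
     "Image": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "cmd.exe /c C:\\Scripts\\backup.bat"},
    {"EventID": 1, "Computer": "WS02", "UtcTime": "2025-03-01T09:05:30",
     "Image": PS_PATH,
     "CommandLine": "powershell.exe -NoProfile -Command Get-Service"},
    # A single encoded PowerShell on WS03: one stage, below the alert threshold.
    {"EventID": 1, "Computer": "WS03", "UtcTime": "2025-03-01T09:10:00",
     "Image": PS_PATH,
     "CommandLine": "powershell.exe -EncodedCommand RwBlAHQALQBEAGEAdABlAA=="},
]

if __name__ == "__main__":
    for host, stages in correlate(SAMPLE_EVENTS).items():
        print(f"ALERT {host}: {' -> '.join(stages)}")
```

The point of requiring two stages is precision: any one of these signals fires constantly in a real estate (encoded PowerShell from management tooling, scripts on removable media), but a non-system-drive script followed minutes later by hidden encoded PowerShell and a CreateRemoteThread into explorer.exe is a chain worth a page. Real deployments would read these events from Sysmon or an EDR rather than a list, and should also watch for VHD/VHDX attachments at the mail gateway, since that is the cheapest place to stop this class of lure.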