Advanced Obfuscation Marks Widespread Info-Stealing Campaign

silversurfer

A large-scale spam campaign bent on spreading info-stealing malware is applying advanced obfuscation techniques to get around security scanning and maximize infection rates.

According to Lastline researchers, a large botnet is distributing malicious rich text format (RTF) documents that act as downloaders for well-known info-stealers, such as Agent Tesla or LokiBot. These malware variants steal a variety of credentials – including FTP credentials, stored email passwords, passwords stored in the browser, as well as a whole host of other credentials. The effort is linked to another recent spam campaign identified by Cisco Talos, Lastline said.

The firm found that many of the targeted entities are within the education sector in the Asia-Pacific region; however, the campaign also seems to be using a second, “spray-and-pray” approach on other potential victims.

“Some email subjects were quite generic, which implies that attackers used the spam campaign to target the generic public,” according to an analysis, published Thursday. In other cases, “email subjects were customized to specific targets or events, aiming to maximize its infection rate.”

The researchers found that the campaign uses common attack techniques, such as data obfuscation and VBA scripting, but that it also goes to great lengths to hide its infection processes.
 
