Malware News Bad Actors Sizing Up Systems Via Lightweight Recon Malware

silversurfer

These stealthy downloaders initially infect systems and then only install additional malware on systems of interest.

Well-known financial crime gang Cobalt Group and other threat actors have recently shifted tactics to incorporate lightweight modular downloaders that “vet” target machines for their attractiveness before proceeding with a full-fledged attack.

The emergence of the AdvisorsBot and Marap malware, as well as a zero-day attack by the PowerPool actors and Cobalt Group’s use of its custom CobInt code, indicate a new trend for financial adversaries.

“Threat actors — from newer players…to established actors like TA505 and Cobalt Group – are increasingly looking to stealthy downloaders to initially infect systems and then only install additional malware on systems of interest,” Proofpoint researchers explained in a blog on Tuesday, adding that the idea is to increase effectiveness and boost efficiency and ROI for the bad actors.