Custom 'Naplistener' Malware a Nightmare for Network-Based Detection

MuzzMelbourne

Mar 13, 2022
A group monitored as REF2924 by Elastic Security Labs is wielding novel data-stealing malware — an HTTP listener written in C# dubbed Naplistener by the researchers — in attacks against victims operating in southern and southeast Asia.

According to a blog post by Elastic senior security research engineer Remco Sprooten, in that region of the world, network-based detection and prevention technologies are the de facto method for securing many environments. But Naplistener — along with other new types of malware used by the group — appear "designed to evade network-based forms of detection," says Jake King, Elastic Security's director of engineering.

So, don't sleep on that defense-in-depth strategy.

Researchers observed Naplistener in the form of a new executable that was created and installed on a victim network as a Windows Service on Jan. 20. Threat actors created the executable, Wmdtc.exe, using a naming convention similar to the legitimate binary used by the Microsoft Distributed Transaction Coordinator service.
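The lookalike service name described above (Wmdtc.exe imitating the MSDTC binary) suggests a simple host-side check that does not depend on the network layer. The following is an added example, not Elastic's detection logic or code from the article: it runs over a constructed list of service name/image-path records and flags any service whose binary name closely resembles a known System32 binary but is not that binary in System32. The sample records, the known-binary list beyond msdtc.exe, and the 0.8 similarity threshold are assumptions.

```python
import ntpath
from difflib import SequenceMatcher

# Legitimate Windows service binaries an attacker might imitate. Only
# msdtc.exe (the MSDTC service named in the post) comes from the page; the
# rest are well-known System32 binaries added here as assumptions.
KNOWN_SYSTEM_BINARIES = ("msdtc.exe", "svchost.exe", "lsass.exe", "spoolsv.exe")
SYSTEM32 = r"c:\windows\system32"

# Constructed sample of service records (service name, image path); this is
# not real telemetry. The third entry mirrors the Wmdtc.exe case in the post.
SAMPLE_SERVICES = [
    ("MSDTC", r"C:\Windows\System32\msdtc.exe"),
    ("Spooler", r"C:\Windows\System32\spoolsv.exe"),
    ("Wmdtc", r"C:\ProgramData\Wmdtc\Wmdtc.exe"),
    ("MyBackupAgent", r"C:\Program Files\BackupCo\agent.exe"),
]


def similarity(a, b):
    """Case-insensitive similarity ratio in [0, 1] between two file names."""
    return SequenceMatcher(None, a.lower(), b.lower()).ratio()


def find_lookalike_services(services, threshold=0.8):
    """Return (service name, image path, imitated binary) for each service whose
    binary name resembles a known system binary (ratio >= threshold) without
    being that exact binary under System32. A genuine system service is
    skipped; a known name in a foreign directory is flagged (ratio 1.0)."""
    findings = []
    for name, image_path in services:
        binary = ntpath.basename(image_path).lower()
        directory = ntpath.dirname(image_path).lower()
        for known in KNOWN_SYSTEM_BINARIES:
            if binary == known and directory == SYSTEM32:
                break  # exact binary in its expected location: benign
            if similarity(binary, known) >= threshold:
                findings.append((name, image_path, known))
                break
    return findings


if __name__ == "__main__":
    for svc, path, imitated in find_lookalike_services(SAMPLE_SERVICES):
        print(f"suspicious service {svc!r}: {path} resembles {imitated}")
```

On a live host the same function can be fed the output of a service enumeration (service name and image path) instead of the constructed list.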