Custom 'Naplistener' Malware a Nightmare for Network-Based Detection

MuzzMelbourne

MuzzMelbourne

Level 15
Thread author
Verified
Top Poster
Well-known
Mar 13, 2022
599
Content source
https://www.darkreading.com/threat-intelligence/custom-naplistener-malware-network-based-detection-sleep
A group monitored as REF2924 by Elastic Security Labs is wielding novel data-stealing malware — an HTTP listener written in C# dubbed Naplistener by the researchers — in attacks against victims operating in southern and southeast Asia.

According to a blog post by Elastic senior security research engineer Remco Sprooten, in that region of the world, network-based detection and prevention technologies are the de facto method for securing many environments. But Naplistener — along with other new types of malware used by the group —appear "designed to evade network-based forms of detection," says Jake King, Elastic Security's director of engineering.

So, don't sleep on that defense-in-depth strategy.

Researchers observed Naplistener in the form of a new executable that was created and installed on a victim network as a Windows Service on Jan. 20. Threat actors created the executable, Wmdtc.exe, using a naming convention similar to the legitimate binary used by the Microsoft Distributed Transaction Coordinator service.
Click to expand...
www.darkreading.com

Custom 'Naplistener' Malware a Nightmare for Network-Based Detection

Threat actors are using legitimate network assets and open source code to fly under the radar in data-stealing attacks using a set of custom malware bent on evasion.
www.darkreading.com www.darkreading.com
 
  • Like
  • +Reputation
  • Wow
Reactions: Zero Knowledge, plat, [correlate] and 2 others
You must log in or register to reply here.

Similar threads

[correlate]
    • Like
    • +Reputation
Not sleeping anymore: SOMNIRECORD's wake-up call
Replies
0
Views
991
News Archive
[correlate]
[correlate]
Brownie2019
    • Like
Malware News A newly identified malware family abuses the Outlook mail service for communication, via the Microsoft Graph API.
Replies
0
Views
708
Security News
Brownie2019
Brownie2019
[correlate]
    • Like
Elastic catches DPRK passing out KANDYKORN
Replies
0
Views
1,137
News Archive
[correlate]
[correlate]

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top