A malware coder is injecting megabytes of junk data inside his malicious payloads, hoping to avoid detection by some antivirus solutions or delay investigations by infosec professionals.
Known only as "123", this malware coder has been active since 2015, when he was first spotted deploying the XXMM malware. His activity falls in the category of targeted attacks, with this crook focusing on infecting computers at Japanese companies for the purpose of exfiltrating sensitive data.
123 malware author behind three malware families
According to reports, this threat actor is behind at least three malware families, named XXMM, ShadowWali, and Wali, respectively.
Security firms noted 123's initial attacks with the XXMM malware in 2015, but they deemed it an unsophisticated, albeit very effective, backdoor.
The interest in 123's activities was piqued again over the past month after they unearthed two new malware families created by the same coder.
Read More. Malware Author Inflates Backdoor Trojan With Junk Data Hoping to Avoid Detection