Malware Loader Goes Through Heaven's Gate to Avoid Detection

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Forum Veteran
Aug 17, 2014
12,738
123,886
8,399
Researchers discovered a malware loader specifically designed by its developers to hide in plain sight and allow the payload to evade detection by anti-malware solutions by injecting into the memory of compromised computers.

The malicious loader uses "the infamous 'Heaven's Gate' technique — a trick that allows 32-bit malware running on 64-bit systems to hide API calls by switching to a 64-bit environment," as described by Cisco Talos' Holger Unterbrink and Edmund Brumaghin.

Malware developers add antivirus evasion features to their "products" to lengthen the period of time between their initial release and the moment anti-malware solutions detect them.

The loader distributed by the new campaign discovered by the Cisco Talos research team deploys its deception cloak for the purpose of dropping various strains of malware such as the HawkEye Reborn keylogger/stealer, the Remcos remote access tool (RAT), and several XMR-based malicious miners.
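The segment switch the article describes leaves recognisable byte sequences in 32-bit code, which is one way defenders spot the technique statically. The following scanner is an added example written for this thread, not code from the Talos report or the loader; the byte patterns are the commonly documented transition stubs to code selector 0x33, and the sample buffer is constructed.

```python
import re

# Well-known encodings of the WoW64 -> 64-bit transition (code selector 0x33).
# These patterns are assumptions based on public documentation of the technique,
# not taken from the Talos analysis quoted in this thread.
HEAVENS_GATE_PATTERNS = {
    # push 0x33 ; call $+5 ; add dword [esp], 5 ; retf
    "push33_retf": re.compile(rb"\x6A\x33\xE8\x00\x00\x00\x00\x83\x04\x24\x05\xCB"),
    # jmp far 0x33:imm32   (EA <imm32> 33 00)
    "jmp_far_0x33": re.compile(rb"\xEA[\x00-\xff]{4}\x33\x00"),
    # call far 0x33:imm32  (9A <imm32> 33 00)
    "call_far_0x33": re.compile(rb"\x9A[\x00-\xff]{4}\x33\x00"),
}


def find_heavens_gate(buf: bytes) -> list[tuple[int, str]]:
    """Return (offset, pattern_name) for every transition stub found in buf.

    Intended for the code sections of a 32-bit image or a process memory dump.
    A hit is a lead for analysis, not proof of malice: far jumps can also appear
    as data bytes, so confirm by disassembling at the reported offset.
    """
    hits = []
    for name, pattern in HEAVENS_GATE_PATTERNS.items():
        for match in pattern.finditer(buf):
            hits.append((match.start(), name))
    return sorted(hits)


# Constructed sample: NOP filler around a push/retf stub and a far jmp.
SAMPLE = (
    b"\x90" * 8
    + b"\x6A\x33\xE8\x00\x00\x00\x00\x83\x04\x24\x05\xCB"
    + b"\x90" * 4
    + b"\xEA\x78\x56\x34\x12\x33\x00"
)

if __name__ == "__main__":
    for offset, name in find_heavens_gate(SAMPLE):
        print(f"offset {offset:#06x}: {name}")
```

Run over a real sample, the same function can be pointed at each section of a PE or at a memory region dumped from a WoW64 process.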
 
Interesting article. What I do not understand is why the outfit Cisco Talos, who publishes the above article, doesn't give a recommendation as to what can stop this type of attack? (Forgive me if I did not read the article carefully enough.) When I click on their site (software link on top) I see a download for ClamAV, a Snort intrusion program, a vulnerabilities program, etc. Isn't Clam considered mediocre? If they recommend that, it makes me doubt the quality of their others. What is, for a guy like me or generally, the best defense? Thank you
 