silversurfer

Level 52
Verified
Trusted
Content Creator
Malware Hunter
Researchers discovered a malware loader specifically designed by its developers to hide in plain sight and allow the payload to evade detection by anti-malware solutions by injecting into the memory of compromised computers.

The malicious loader uses "the infamous 'Heaven's Gate' technique — a trick that allows 32-bit malware running on 64-bit systems to hide API calls by switching to a 64-bit environment," as described by Cisco Talos' Holger Unterbrink and Edmund Brumaghin.

Malware developers add antivirus evasion features to their "products" to lengthen the period of time between their initial release and the moment anti-malware solutions detect them.

The loader distributed by the new campaign discovered by the Cisco Talos research team deploys its deception cloak for the purpose of dropping various strains of malware such as the HawkEye Reborn keylogger/stealer, the Remcos remote access tool (RAT), and several XMR-based malicious miners.
 

Dave Russo

Level 8
Verified
Interesting article,What I do not understand,is the outfit Cisco Talos, who publishes above article dosn"t give recommendation to what can stop this type of attack?(forgive me if I did not read article carefully enough} When I click on there site{software link on top} I see a download for Clam Av ,a Snort intrusion program a vulnerabilities program ect. Isn't Clam considered mediocre?if they recommend that it makes me doubt on the quality of there others. What is a guy like me or generally the best defense?Thank you
 
  • Like
Reactions: Felipe Oliveira