silversurfer
Thread author
Researchers discovered a malware loader specifically designed by its developers to hide in plain sight and let its payload evade detection by anti-malware solutions by injecting it into the memory of compromised computers.
The malicious loader uses "the infamous 'Heaven's Gate' technique — a trick that allows 32-bit malware running on 64-bit systems to hide API calls by switching to a 64-bit environment," as described by Cisco Talos' Holger Unterbrink and Edmund Brumaghin.
Malware developers add antivirus evasion features to their "products" to lengthen the period of time between their initial release and the moment anti-malware solutions detect them.
The loader distributed by the new campaign discovered by the Cisco Talos research team deploys its deception cloak for the purpose of dropping various strains of malware such as the HawkEye Reborn keylogger/stealer, the Remcos remote access tool (RAT), and several XMR-based malicious miners.
Source: "RATs and stealers rush through “Heaven’s Gate” with new loader", by Holger Unterbrink and Edmund Brumaghin, blog.talosintelligence.com. Executive summary excerpt: "Malware is constantly finding new ways to avoid detection. This doesn't mean that some will never be detected, but it does allow adversaries to increase the period of time between initial release and detection. Flying under the..."
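The "Heaven's Gate" switch the post describes is a far control transfer out of the WOW64 32-bit code segment (selector 0x23) into the native 64-bit code segment (selector 0x33), after which the 32-bit process can reach 64-bit ntdll directly and bypass hooks installed in the 32-bit API layer. The C scanner below is an added example written for this page; it is not code from Talos, from the loader, or from any product. It looks for three common byte encodings of that transition (jmp far 0x33:imm32, call far 0x33:imm32, and the push 0x33 / call $+5 / add [esp],5 / retf stub) inside a constructed 32-bit code buffer and reports their offsets. The sample bytes, the function names and the pattern list are assumptions for illustration; a real detector would also have to cope with obfuscated or split stubs and with other ways of loading the selector.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* On 64-bit Windows, WOW64 runs 32-bit code with CS = 0x23 and native
 * 64-bit code with CS = 0x33. A far jump/call/retf to selector 0x33 is
 * the "gate": it flips the CPU into 64-bit mode inside a 32-bit process.
 * Added example for this page (not Talos or loader code): scan a code
 * buffer for the usual encodings of that transition.                  */

#define GATE_SELECTOR_64 0x33   /* WOW64 CS for native 64-bit code  */
#define GATE_SELECTOR_32 0x23   /* WOW64 CS for 32-bit compatibility */

typedef struct {
    size_t offset;        /* where the transition instruction starts */
    const char *kind;     /* which encoding matched */
} gate_hit_t;

/* push 0x33 ; call $+5 ; add dword [esp], 5 ; retf
 * 6A 33     ; E8 00 00 00 00 ; 83 04 24 05   ; CB                      */
static const uint8_t push_retf_stub[] =
    {0x6A, 0x33, 0xE8, 0, 0, 0, 0, 0x83, 0x04, 0x24, 0x05, 0xCB};

/* jmp far ptr 0x33:imm32  -> EA <imm32> 33 00
 * call far ptr 0x33:imm32 -> 9A <imm32> 33 00
 * Returns the number of hits written to hits[] (at most max_hits).     */
size_t scan_heavens_gate(const uint8_t *buf, size_t len,
                         gate_hit_t *hits, size_t max_hits)
{
    size_t n = 0;
    for (size_t i = 0; i < len && n < max_hits; i++) {
        const uint8_t *p = buf + i;
        size_t left = len - i;
        if (left >= 7 && (p[0] == 0xEA || p[0] == 0x9A)
                && p[5] == GATE_SELECTOR_64 && p[6] == 0x00) {
            hits[n].offset = i;
            hits[n].kind = (p[0] == 0xEA) ? "jmp far 0x33:imm32"
                                          : "call far 0x33:imm32";
            n++;
        } else if (left >= sizeof push_retf_stub
                && memcmp(p, push_retf_stub, sizeof push_retf_stub) == 0) {
            hits[n].offset = i;
            hits[n].kind = "push 0x33 / retf stub";
            n++;
        }
    }
    return n;
}

/* Constructed 32-bit code fragment (assumption, not a real sample):
 * a prologue, a retf-style gate at offset 3, two nops, a far call gate
 * at offset 17, and a ret.                                             */
static const uint8_t sample[] = {
    0x55,                                                  /* push ebp      */
    0x8B, 0xEC,                                            /* mov ebp, esp  */
    0x6A, 0x33, 0xE8, 0, 0, 0, 0, 0x83, 0x04, 0x24, 0x05, 0xCB, /* gate (retf) */
    0x90, 0x90,                                            /* nop ; nop     */
    0x9A, 0x00, 0x10, 0x40, 0x00, 0x33, 0x00,              /* call far 0x33:0x00401000 */
    0xC3                                                   /* ret           */
};

/* Constructed benign fragment: prologue, a normal near call, epilogue. */
static const uint8_t benign[] = {
    0x55, 0x8B, 0xEC, 0xE8, 0x10, 0x00, 0x00, 0x00, 0x5D, 0xC3
};

size_t sample_gate_hit_count(void)
{
    gate_hit_t hits[8];
    return scan_heavens_gate(sample, sizeof sample, hits, 8);
}

size_t sample_gate_hit_offset(size_t idx)
{
    gate_hit_t hits[8];
    size_t n = scan_heavens_gate(sample, sizeof sample, hits, 8);
    return idx < n ? hits[idx].offset : (size_t)-1;
}

size_t benign_gate_hit_count(void)
{
    gate_hit_t hits[8];
    return scan_heavens_gate(benign, sizeof benign, hits, 8);
}

int main(void)
{
    gate_hit_t hits[8];
    size_t n = scan_heavens_gate(sample, sizeof sample, hits, 8);
    for (size_t i = 0; i < n; i++)
        printf("offset %zu: %s\n", hits[i].offset, hits[i].kind);
    printf("benign fragment: %zu hit(s)\n", benign_gate_hit_count());
    return 0;
}
```

The scanner only recognises the transition itself; the bytes that follow the gate are 64-bit code and must be disassembled in 64-bit mode, which is exactly why 32-bit-only hooks and emulators lose track of what the loader calls next.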