Malware Loader Goes Through Heaven's Gate to Avoid Detection

silversurfer

Aug 17, 2014
Researchers discovered a malware loader specifically designed by its developers to hide in plain sight and allow the payload to evade detection by anti-malware solutions by injecting into the memory of compromised computers.

The malicious loader uses "the infamous 'Heaven's Gate' technique — a trick that allows 32-bit malware running on 64-bit systems to hide API calls by switching to a 64-bit environment," as described by Cisco Talos' Holger Unterbrink and Edmund Brumaghin.

Malware developers add antivirus evasion features to their "products" to lengthen the period of time between their initial release and the moment anti-malware solutions detect them.

The loader distributed by the new campaign discovered by the Cisco Talos research team deploys its deception cloak for the purpose of dropping various strains of malware such as the HawkEye Reborn keylogger/stealer, the Remcos remote access tool (RAT), and several XMR-based malicious miners.
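A defensive illustration of the technique the article names, added here as an example that is not from the article, the thread, or Cisco Talos: a heuristic scanner that flags the far transfers to the 64-bit code segment (selector 0x33) that a Heaven's Gate switch relies on. The matched encodings, the push/retf window and the sample buffer are this example's own assumptions.

```python
import re

# Selector of the native 64-bit code segment on Windows x64 (a public,
# well-documented value). A WOW64 process enters 64-bit mode by a far
# transfer to this selector, which is what the "Heaven's Gate" switch does.
CS64_SELECTOR = 0x33

# Encodings a scanner can match statically (assumptions of this example):
#   EA imm32 imm16 / 9A imm32 imm16  -> direct far jmp / call ptr16:32
#   6A imm8 ... CB                   -> push selector ; ... ; retf
# Far transfers through a memory operand (FF /5, FF /3) carry no selector
# in the instruction bytes and are deliberately not covered here.
_FAR_DIRECT = re.compile(rb"[\xEA\x9A].{4}(?P<sel>.{2})", re.DOTALL)
_PUSH_RETF = re.compile(rb"\x6A(?P<sel>.).{0,16}?\xCB", re.DOTALL)


def find_heavens_gate_indicators(buf: bytes) -> list:
    """Return (offset, kind, selector) for every far transfer whose target
    selector is the 64-bit code segment. This is a heuristic: the opcode
    bytes also occur in ordinary data, and wow64cpu.dll performs the same
    transition legitimately, so run it on unpacked payload regions or
    non-image memory rather than on system DLLs."""
    hits = []
    for m in _FAR_DIRECT.finditer(buf):
        sel = int.from_bytes(m.group("sel"), "little")
        if sel == CS64_SELECTOR:
            kind = "jmp_far" if buf[m.start()] == 0xEA else "call_far"
            hits.append((m.start(), kind, sel))
    for m in _PUSH_RETF.finditer(buf):
        sel = m.group("sel")[0]
        if sel == CS64_SELECTOR:
            hits.append((m.start(), "push_retf", sel))
    return sorted(hits)


# Constructed sample (not real malware): a 32-bit prologue, a "push 0x33 ;
# filler ; retf" fragment, then a benign far jmp whose selector 0x23 is the
# 32-bit code segment and must not be flagged.
SAMPLE = (
    b"\x55\x8B\xEC"                      # push ebp ; mov ebp, esp
    + b"\x6A\x33"                        # push 0x33
    + b"\x90\x90\x90\x90"                # filler (nops)
    + b"\xCB"                            # retf
    + b"\xEA\x00\x10\x40\x00\x23\x00"    # jmp far 0x23:0x00401000 (benign)
)

if __name__ == "__main__":
    for off, kind, sel in find_heavens_gate_indicators(SAMPLE):
        print(f"offset {off:#06x}: {kind} -> selector {sel:#x}")
```

Hits on a dumped region are a reason to look closer, not a verdict on their own; the memory-operand forms and any selector loaded at run time stay invisible to this static check.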
 

Dave Russo

May 26, 2014
Interesting article. What I do not understand is why the outfit Cisco Talos, who publishes the above article, doesn't give a recommendation on what can stop this type of attack? (Forgive me if I did not read the article carefully enough.) When I click on their site (software link on top) I see a download for ClamAV, a Snort intrusion program, a vulnerabilities program, etc. Isn't Clam considered mediocre? If they recommend that, it makes me doubt the quality of their others. What is the best defense for a guy like me, or generally? Thank you
