- Feb 4, 2016
Security researchers exploited a threat actor's poor choice of encryption and discovered a new piece of malware, along with network infrastructure that links to various targeted attacks.
The new piece of malware, which received the name Chainshot, is used in the early stages of an attack to activate a downloader for the final payload in a malicious chain reaction.
Researchers from Palo Alto Networks Unit 42 found Chainshot after following the trail of an Adobe Flash zero-day exploit (CVE-2018-5002) used in a series of targeted malware campaigns.
Chainshot is multipurpose
Apart from being part of a chain reaction that makes it difficult to analyze components individually, Chainshot contains code to search for and bypass Kaspersky and Bitdefender antivirus solutions for both x86 and x64 platforms.
Its task is to push another piece of malware onto the compromised machine, which in turn drops the final payload. Chainshot is also responsible for fingerprinting the system, sending back details about the user and the processes running on the machine.