New Stealthy BabbleLoader Malware Spotted Delivering WhiteSnake and Meduza Stealers

Captain Awesome

Thread author
Cybersecurity researchers have shed light on a new stealthy malware loader called BabbleLoader that has been observed in the wild delivering information stealer families such as WhiteSnake and Meduza.
BabbleLoader is an "extremely evasive loader, packed with defensive mechanisms, that is designed to bypass antivirus and sandbox environments to deliver stealers into memory," Intezer security researcher Ryan Robinson said in a report published Sunday.
Loaders are often the first stage in an attack chain, designed to stealthily execute or inject malware, such as info-stealers or ransomware, into a target system. Their prevalence reflects an evolution in tactics, allowing threat actors to evade traditional antivirus defenses through techniques like in-memory execution and anti-analysis features. Widely available for purchase or lease on underground markets, loaders are now a commodity in malware distribution, making sophisticated attack methods accessible to a broader range of actors and adaptable across diverse campaigns and targets.


Such malware can be used in widespread campaigns, making it dangerous for all users. The loaders can be signed in targeted attacks. In the original article (intezer.com) there are over 80 hashes of BabbleLoader (EXE files, all unsigned except for one properly signed and one with a fake certificate). The EXE malware that is unsigned or contains the fake certificate is blocked by Windows SmartScreen (on Windows 8+ when the file is downloaded from the Internet) or Smart App Control (on Windows 11).
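A practical way to act on the post above is to triage a folder of downloaded EXEs the way SmartScreen would see them: hash each file, read its Authenticode status (NotSigned, HashMismatch or NotTrusted for a fake or tampered certificate, Valid for a properly signed one) and check whether it still carries the Mark-of-the-Web (the Zone.Identifier alternate data stream), since SmartScreen only evaluates files marked as coming from the Internet. The script below is an added example written for this post; it is not from the Intezer report or the forum author, and the single all-zero hash in `$KnownBadSha256` is a constructed placeholder that you would replace with the hashes listed at intezer.com. It assumes Windows with PowerShell 5.1 or later and a path to the samples in `-Path`.

```powershell
# Added triage script (not from the Intezer report or the forum post).
# Assumes: Windows, PowerShell 5.1+, and a directory of candidate .exe files in -Path.
param(
    [Parameter(Mandatory = $true)][string]$Path
)

# Constructed placeholder. Replace with the SHA-256 values published at intezer.com.
$KnownBadSha256 = @(
    '0000000000000000000000000000000000000000000000000000000000000000'
)

Get-ChildItem -Path $Path -Filter *.exe -File | ForEach-Object {
    $file   = $_
    $sha256 = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash.ToLower()

    # Authenticode state as Windows sees it:
    #   NotSigned    - no certificate table in the PE
    #   HashMismatch - signature present but the file was modified after signing
    #   NotTrusted / UnknownError - chain does not end in a trusted root (typical for a fake cert)
    #   Valid        - properly signed and trusted
    $sig    = Get-AuthenticodeSignature -FilePath $file.FullName
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '-' }

    # Mark-of-the-Web: ZoneId=3 (Internet) or 4 (Restricted) in the Zone.Identifier stream
    # is what makes SmartScreen inspect the file. A file without the stream is not checked.
    $zone = $null
    $zi = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
    foreach ($line in $zi) {
        if ($line -match '^ZoneId=(\d+)') { $zone = [int]$Matches[1]; break }
    }

    [pscustomobject]@{
        File               = $file.Name
        SHA256             = $sha256
        KnownBad           = ($KnownBadSha256 -contains $sha256)
        SigStatus          = $sig.Status
        Signer             = $signer
        ZoneId             = if ($null -eq $zone) { 'none (no MotW)' } else { $zone }
        SmartScreenApplies = ($null -ne $zone -and $zone -ge 3)
    }
} | Format-Table -AutoSize
```

Run it as `.\Triage-Loaders.ps1 -Path C:\samples`. A row with `KnownBad = True`, `SigStatus = NotSigned` and `ZoneId = none (no MotW)` is the case to worry about: the file matches a published hash, yet because the MotW was stripped (for example by extraction from an archive that does not propagate it), SmartScreen will not evaluate it on execution, so the signature-based blocking described in the post does not apply.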