Malware News New Stealthy BabbleLoader Malware Spotted Delivering WhiteSnake and Meduza Stealers

Captain Awesome

Cybersecurity researchers have shed light on a new stealthy malware loader called BabbleLoader that has been observed in the wild delivering information stealer families such as WhiteSnake and Meduza.
BabbleLoader is an "extremely evasive loader, packed with defensive mechanisms, that is designed to bypass antivirus and sandbox environments to deliver stealers into memory," Intezer security researcher Ryan Robinson said in a report published Sunday.
 

Andy Ful

Loaders are often the first stage in an attack chain, designed to stealthily execute or inject malware, such as info-stealers or ransomware, into a target system. Their prevalence reflects an evolution in tactics, allowing threat actors to evade traditional antivirus defenses through techniques like in-memory execution and anti-analysis features. Widely available for purchase or lease on underground markets, loaders are now a commodity in malware distribution, making sophisticated attack methods accessible to a broader range of actors and adaptable across diverse campaigns and targets.


Such malware can be used in widespread campaigns, making it dangerous for all users. The loaders can be signed in targeted attacks. In the original article (intezer.com) there are over 80 hashes of BabbleLoader (EXE files, all unsigned except for one properly signed and one with a fake certificate). The EXE malware that is unsigned or contains the fake certificate is blocked by Windows SmartScreen (on Windows 8+ when the file is downloaded from the Internet) or Smart App Control (on Windows 11).
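
The post above ties the SmartScreen block to two file properties: the EXE was downloaded from the Internet, and it is unsigned or carries a fake certificate. As an added example (not part of the thread or of the Intezer report), this PowerShell triage lists the EXE files in a folder with their Authenticode status and their Mark of the Web zone, the `Zone.Identifier` stream that records an Internet download. The default folder, the `Get-ZoneId` helper and the wording of the notes are assumptions.

```powershell
# Added example, not from the thread. $Path is an assumed default; point it at
# the folder you want to review.
param(
    [string]$Path = (Join-Path $env:USERPROFILE 'Downloads')
)

# ZoneId values Windows writes into the Zone.Identifier alternate data stream.
$ZoneNames = @{ 0 = 'LocalMachine'; 1 = 'Intranet'; 2 = 'Trusted'; 3 = 'Internet'; 4 = 'Restricted' }

function Get-ZoneId {
    # Hypothetical helper: returns the ZoneId as an int, or $null when the file
    # has no Mark of the Web (never downloaded, or the mark was lost on the way).
    param([string]$File)
    $stream = Get-Content -LiteralPath $File -Stream Zone.Identifier -ErrorAction SilentlyContinue
    foreach ($line in $stream) {
        if ($line -match '^\s*ZoneId\s*=\s*(\d+)') { return [int]$Matches[1] }
    }
    return $null
}

Get-ChildItem -LiteralPath $Path -Filter *.exe -File -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
        $zone = Get-ZoneId -File $_.FullName

        # A valid signature is not a verdict: the post notes that one
        # BabbleLoader sample was properly signed.
        $note = if ($sig.Status -eq 'Valid') {
            'validly signed, check the signer'
        } elseif ($null -eq $zone) {
            'REVIEW FIRST: not validly signed and no Mark of the Web'
        } elseif ($zone -ge 3) {
            'not validly signed, marked as an Internet download'
        } else {
            'not validly signed, non-Internet zone'
        }

        [pscustomobject]@{
            File      = $_.Name
            Signature = $sig.Status
            Signer    = $sig.SignerCertificate.Subject
            Zone      = if ($null -eq $zone) { 'none' } else { $ZoneNames[$zone] }
            SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            Note      = $note
        }
    } | Sort-Object Note | Format-Table -AutoSize -Wrap
```

A fake certificate typically shows up here as a `Signature` status other than `Valid` or `NotSigned`, and the `SHA256` column can be compared against the hash list in the original article.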
 
