PicassoLoader Malware Used in Ongoing Attacks on Ukraine and Poland

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
9,952
Government entities, military organizations, and civilian users in Ukraine and Poland have been targeted as part of a series of campaigns designed to steal sensitive data and gain persistent remote access to the infected systems.

The intrusion set, which stretches from April 2022 to July 2023, leverages phishing lures and decoy documents to deploy a downloader malware called PicassoLoader, which acts as a conduit to launch Cobalt Strike Beacon and njRAT.

"The attacks used a multistage infection chain initiated with malicious Microsoft Office documents, most commonly using Microsoft Excel and PowerPoint file formats," Cisco Talos researcher Vanja Svajcer said in a new report. "This was followed by an executable downloader and payload concealed in an image file, likely to make its detection more difficult."
niZ7EZI-p3hsDLRZieFCUfrSf4qUGpllA_Xse93NwOgn3tcVIJrnf3jJEkeDXeKe3fWtZygHIouY6oBlbY01zNJyjKW07JOD3RIsjAcB-RVUQ2kLRn6fVwbxDE624hzZ7mNaDEw_F-dwV_wsPJXkME0
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top