Researchers Uncover Packer Used by Several Malware to Evade Detection for 6 Years

[silversurfer]

Content source

https://thehackernews.com/2023/01/researchers-uncover-packer-that-helped.html

A shellcode-based packer dubbed TrickGate has been successfully operating without attracting notice for over six years, while enabling threat actors to deploy a wide range of malware such as TrickBot, Emotet, AZORult, Agent Tesla, FormBook, Cerber, Maze, and REvil over the years.

"TrickGate managed to stay under the radar for years because it is transformative – it undergoes changes periodically," Check Point Research's Arie Olshtein said, calling it a "master of disguises."

The infection chain involves sending phishing emails with malicious attachments or booby-trapped links that lead to the download of a shellcode loader that's responsible for decrypting and launching the actual payload into memory.

The Israeli cybersecurity firm's analysis of the shellcode shows that it "has been constantly updated, but the main functionalities exist on all the samples since 2016," Olshtein noted. "The injection module has been the most consistent part over the years and has been observed in all TrickGate shellcodes."

Researchers Uncover Packer Used by Several Malware to Evade Detection for 6 Years

Researchers have uncovered a shellcode-based packer service that has been helping hackers hide their malware for the past 6 years.

thehackernews.com