Malware News sLoad Banking Trojan Downloader Displays Sophisticated Recon and Targeting

silversurfer

A new PowerShell downloader dubbed sLoad is making the rounds, sporting impressive reconnaissance tactics and a penchant for geofencing, which indicate increasing sophistication when it comes to targeting efforts.

According to a Proofpoint analysis, the malware gathers information about the infected system, including a list of running processes, the presence of Outlook, and the presence of Citrix-related files. It will also take screenshots of the target machine.

“This is another chapter in the story we’ve seen emerging over the last few months,” Chris Dawson, threat intelligence lead at Proofpoint, told Threatpost. “Threat actors continue to adopt new, stealthy loaders with rich reconnaissance features. By using loaders that can also assess infected systems, actors can select their targets wisely and improve the quality of infected hosts, eliminating some of the noise associated with the ‘spray-and-pray’ campaigns we came to associate with the large-scale ransomware and banker attacks of the last few years.”

Full report by Proofpoint: sLoad and Ramnit pairing in sustained campaigns against UK and Italy
 
