Researchers warn hackers are putting a new spin on old injection techniques and successfully end-running endpoint protection. They are tracking a campaign, that kicked off in January, that is still going strong exploiting weaknesses in web browsers. The objective is to hide in the background of infected systems in order to steal user passwords, track online habits and hijack personal information, according to a Cisco Talos report.
Cisco Talos said the wave of ongoing campaigns use custom droppers to plant information-hijacking malware such as Agent Tesla and Loki-bot into common application processes.
“The adversaries use custom droppers, which inject the final malware into common processes on the victim machine,” wrote Holger Unterbrink, a researcher with Cisco Talos, a blog post about the new research. “Once infected, the malware can steal information from many popular pieces of software, including the Google Chrome, Safari and Firefox web browsers.”
Unterbrink said the adversaries use injection techniques that have been employed for many years, but with new, custom capabilities that are making them difficult for anti-virus (AV) protections to detect, Unterbrink wrote.
“Any internet user is a potential target of this malware, and if infected, has the potential to completely take away a user’s online privacy,” he warned.