This new threat infects devices with a dozen malware at once

vtqhtr413
Thread author
Cybersecurity researchers from Outpost24’s Kraken Labs observed a new and quite unique malware campaign that seems to value quantity over quality.

Usually, when hackers compromise a device, they deploy a single piece of malware and try their best to remain unseen and persistent, as they use the computer for whatever end goal they have. But this new campaign, dubbed Unfurling Hemlock, does the exact opposite, making it stand out in the world of cybercrime. The researchers are saying that once the victim triggers the malware executable - in this case called ‘EXTRACT.EXE’ - they receive a handful of different malware, infostealers, and botnet executables.

Malware cluster bomb

The chances of the malware being picked up by cybersecurity solutions are high, but the researchers believe the attackers are hoping at least some of the payloads will survive the purge. Among the things dropped on the devices are Redline (popular infostealer), RisePro (an upcoming infostealer), Mystic Stealer (infostealing malware-as-a-service), Amadey (loader), SmokeLoader (another loader), Protection Disabler (a utility that disables Windows Defender and other security features), Enigma Packer (obfuscation tool), Healer (anti-security solution), and Performance Checker (a utility that checks and logs the performance of malware execution).

kailyn
I would think that they are referring to the last decade but you are right, it isn't novel nor is it now ridiculous.
The attack method is not ridiculous. But not knowing that the method had been used for decades is ridiculous. Kraken Labs is the one that does not know malware history. And the article author just repeated what Kraken Labs fed to him.

There are still PUAs and PUPs that download multiple malicious software. The method of getting malware onto user systems and gaining persistence via confusion or subterfuge never ended. Rootkits of the days of old did the same thing but without being detected. Back then they thought "I have a much better chance of persistence if I install multiple malicious modules versus a single one." Sort of like a 5-year-old that figures out they can carry a lot more sand with a bigger bucket. That level of thinking.