  • Cyble Research and Intelligence Labs (CRIL) identified a campaign targeting individuals connected to the upcoming US-Taiwan Defense Industry Conference, as indicated by the lure document uncovered during the investigation.
  • The campaign involves a ZIP archive containing an LNK file that mimics a legitimate PDF registration form for deception.
  • When the LNK file is opened, it executes commands to drop a lure PDF and an executable in the startup folder, establishing persistence.
  • Upon system reboot, the executable downloads additional content and executes it directly in memory, effectively evading detection by security products.
  • The first-stage loader triggers a second-stage loader, which downloads, decodes, and compiles C# code in memory, avoiding the creation of traceable files on disk.
  • Once the compiled code is executed, the malware exfiltrates sensitive data back to the attacker’s server via web requests designed to blend in with normal traffic, making detection more difficult.
this post was submitted on 13 Sep 2024
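The chain above starts with a shortcut that passes itself off as a PDF. The script below is an added example, not code from Cyble's report or from this post: it parses the MS-SHLLINK header and StringData fields of any .lnk member of a ZIP held in memory and scores the fields against the tradecraft the post lists (document-style double extension, a script-host target, a command line that writes into the Startup folder, an encoded or download-and-execute second stage). The archive, the shortcut builder and the command line are constructed here for the demonstration and are not the campaign's artifacts; the indicator regexes are my own heuristics, not signatures from the report.

```python
"""Triage of shortcut (.lnk) files that pose as PDF documents (added example).

MS-SHLLINK layout: a 76-byte ShellLinkHeader (LinkFlags at offset 20), optional
LinkTargetIDList and LinkInfo blocks, then StringData fields, each a 2-byte
CountCharacters followed by the characters (UTF-16LE when IsUnicode is set).
"""
import io
import re
import struct
import zipfile

HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO, HAS_NAME, HAS_RELATIVE_PATH = 0x01, 0x02, 0x04, 0x08
HAS_WORKING_DIR, HAS_ARGUMENTS, HAS_ICON_LOCATION, IS_UNICODE = 0x10, 0x20, 0x40, 0x80
HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
STRING_FIELDS = ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                 (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                 (HAS_ICON_LOCATION, "icon_location"))


def _read_string(buf, pos, unicode):
    count = struct.unpack_from("<H", buf, pos)[0]
    pos += 2
    width = 2 if unicode else 1
    raw = buf[pos:pos + count * width]
    return raw.decode("utf-16-le" if unicode else "latin-1"), pos + count * width


def parse_lnk(buf):
    """Return the StringData fields of a Shell Link as a dict; ValueError on a bad header."""
    if (len(buf) < HEADER_SIZE or struct.unpack_from("<I", buf, 0)[0] != HEADER_SIZE
            or buf[4:20] != LINK_CLSID):
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", buf, 20)[0]
    pos = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:   # IDListSize counts the bytes that follow it
        pos += 2 + struct.unpack_from("<H", buf, pos)[0]
    if flags & HAS_LINK_INFO:             # LinkInfoSize counts itself
        pos += struct.unpack_from("<I", buf, pos)[0]
    fields = {}
    for flag, name in STRING_FIELDS:
        if flags & flag:
            fields[name], pos = _read_string(buf, pos, bool(flags & IS_UNICODE))
    return fields


def triage_lnk(filename, buf):
    """Heuristic indicators (assumptions, not report signatures) for the chain above."""
    fields = parse_lnk(buf)
    cmd = " ".join(fields.get(k, "") for k in ("relative_path", "working_dir", "arguments")).lower()
    hits = []
    if re.search(r"\.(pdf|docx?|xlsx?)\.lnk$", filename.lower()):
        hits.append("document_double_extension")
    if re.search(r"\b(cmd|powershell|pwsh|mshta|wscript|cscript|rundll32)(\.exe)?\b", cmd):
        hits.append("script_host_target")
    if "startup" in cmd:
        hits.append("writes_to_startup_folder")
    if re.search(r"(iex|invoke-expression|downloadstring|-enc\b|-encodedcommand|frombase64string)", cmd):
        hits.append("in_memory_or_encoded_stage")
    if re.search(r"(acro|\.pdf)", fields.get("icon_location", "").lower()):
        hits.append("pdf_icon")
    return hits


def scan_zip(zip_bytes):
    """Map every .lnk member of an in-memory ZIP to its indicator list."""
    results = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.filename.lower().endswith(".lnk"):
                try:
                    results[info.filename] = triage_lnk(info.filename, zf.read(info.filename))
                except ValueError:
                    results[info.filename] = ["malformed_lnk"]
    return results


def build_lnk(relative_path, arguments, icon_location, unicode=True):
    """Construct a minimal Shell Link (no IDList / LinkInfo) for the sample below."""
    flags = HAS_RELATIVE_PATH | HAS_ARGUMENTS | HAS_ICON_LOCATION | (IS_UNICODE if unicode else 0)
    header = struct.pack("<I", HEADER_SIZE) + LINK_CLSID + struct.pack("<I", flags)
    header += b"\x00" * (HEADER_SIZE - len(header))  # attributes, times, size, icon, show, hotkey

    def field(text):
        return struct.pack("<H", len(text)) + text.encode("utf-16-le" if unicode else "latin-1")
    return header + field(relative_path) + field(arguments) + field(icon_location)


# Constructed sample archive: the names and command line are illustrative, not the campaign's.
STARTUP = r"%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup"
SAMPLE_ZIP = io.BytesIO()
with zipfile.ZipFile(SAMPLE_ZIP, "w") as _zf:
    _zf.writestr("Registration_Form.pdf.lnk", build_lnk(
        r"..\..\..\Windows\System32\cmd.exe",
        f'/c copy form.pdf "{STARTUP}\\" & copy update.exe "{STARTUP}\\" & start "" "{STARTUP}\\form.pdf"',
        r"%ProgramFiles%\Adobe\Acrobat DC\Acrobat\Acrobat.exe"))
    _zf.writestr("Monthly_Report.lnk", build_lnk(r".\Monthly_Report.pdf", "", ""))
    _zf.writestr("junk.lnk", b"not a shortcut")


def sample_scan():
    return scan_zip(SAMPLE_ZIP.getvalue())


if __name__ == "__main__":
    for name, hits in sample_scan().items():
        print(f"{name}: {', '.join(hits) or 'clean'}")
```

Run it on a suspicious archive by replacing `SAMPLE_ZIP` with the file's bytes; a shortcut whose target is a script host and whose arguments reference the Startup folder is worth pulling before anyone double-clicks it, whatever its icon says. The parser deliberately stops at the StringData fields, which is enough to recover the target and arguments without trusting the rest of the file.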