- Morphisec researchers saw Matanbuchus 3.0 in the wild
- The malware serves as a loader for Cobalt Strike or ransomware
- Victims are contacted via Teams and asked for remote access
Security researchers are warning of an ongoing campaign that abuses Microsoft Teams to deploy a piece of malware called Matanbuchus 3.0.
According to the cybersecurity organization Morphisec, an unknown hacking group first carefully chooses its victims, then reaches out through Microsoft Teams, posing as an external IT team.
They try to persuade the victim that they are worried about their device and need remote access to solve the problem. Since the victims are cherry-picked, the attack is more likely to succeed.
Expensive malware-as-a-service
Once access is granted, usually through Quick Assist, the attacker executes a PowerShell script that deploys the malware loader, which can lead to a Cobalt Strike beacon, or even ransomware.
“Victims are carefully targeted and persuaded to execute a script, which triggers the download of an archive,” said Morphisec CTO Michael Gorelik. “This archive contains a renamed Notepad++ updater (GUP), a slightly modified configuration XML file, and a malicious DLL representing the Matanbuchus loader.”
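A detection sketch for the chain described above, as an added example that is not from Morphisec or the original article: it flags a Notepad++ updater (GUP) binary that runs from outside its install directory, under another name, or as a child of a script host. The record fields follow Sysmon process-creation naming; the install paths, the `gup.exe` original file name and the sample events are assumptions constructed for illustration.

```python
import ntpath  # Windows path semantics, works on any OS

# Assumption: default install locations of the Notepad++ updater.
EXPECTED_DIRS = {
    r"c:\program files\notepad++\updater",
    r"c:\program files (x86)\notepad++\updater",
}
# Assumption: PE OriginalFileName of the updater; confirm on a known-good copy.
UPDATER_NAMES = {"gup.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe"}

def triage(event):
    """Return findings for one process-creation record (Sysmon-style fields)."""
    image = ntpath.normcase(event["Image"])
    on_disk = ntpath.basename(image)
    original = event.get("OriginalFileName", "").lower()
    if not {on_disk, original} & UPDATER_NAMES:
        return []  # not the updater at all
    findings = []
    if ntpath.dirname(image) not in EXPECTED_DIRS:
        findings.append("updater outside install dir")
    if on_disk not in UPDATER_NAMES:
        findings.append("updater renamed")
    parent = ntpath.basename(ntpath.normcase(event.get("ParentImage", "")))
    if parent in SCRIPT_HOSTS:
        findings.append("launched by script host")
    return findings

# Constructed sample events, not taken from the report.
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\Notepad++\updater\GUP.exe",
     "OriginalFileName": "gup.exe",
     "ParentImage": r"C:\Program Files\Notepad++\notepad++.exe"},
    {"Image": r"C:\Users\user\AppData\Local\Temp\example\updater-copy.exe",
     "OriginalFileName": "gup.exe",
     "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "OriginalFileName": "NOTEPAD.EXE",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

def scan(events):
    """Map each flagged image path to its findings."""
    return {e["Image"]: f for e in events if (f := triage(e))}

if __name__ == "__main__":
    for image, findings in scan(SAMPLE_EVENTS).items():
        print(image, "->", ", ".join(findings))
```

Matching on the PE original file name as well as the on-disk name is what lets the check survive a rename of the binary.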
According to The Hacker News, the malware was first seen in 2021, when cybercriminals advertised it for $2,500 on Russian-speaking forums. Since then, the malware has evolved to add new features, better communication, more stealth, CMD and PowerShell support, and more. It also seems to cost more now: a monthly service price of $10,000 for the HTTPS version and $15,000 for the DNS version.
Although the researchers did not identify the attackers, they said that similar social engineering schemes were used in the past by a group called Black Basta to deploy ransomware.
Black Basta was once one of the most dangerous ransomware operations in existence, but it has since gradually faded. In late February this year, a cybercriminal leaked the group’s chat logs, detailing its inner workings.
Via The Hacker News


