Hard-to-detect credential-theft malware has infected 1,200 and is still going

guest · Feb 20, 2019

Hard-to-detect credential-theft malware has infected 1,200 and is still going
Separ's living-off-the-land approach bypasses many antimalware providers
February 20, 2019
https://arstechnica.com/information...malware-has-infected-1200-and-is-still-going/

The ongoing attack is the latest wave of Separ, a credential stealer that has been known to exist since at least late 2017, a researcher with security firm Deep Instinct said.

"Although the attack mechanism used by this malware is very simple, and no attempt has been made by the attacker to evade analysis, the growth in the number of victims claimed by this malware shows that simple attacks can be very effective," Guy Propper, Deep Instinct's threat intelligence team leader, wrote in a blog post.

In this latest wave, Separ is bundled into a self-extracting executable file that uses an icon to disguise itself as a PDF document. [...]
The batch file then runs four executable tools that are used for legitimate purposes. [...] The fourth executable bundles the legitimate xcopy.exe, attrib.exe, and sleep.exe apps it needs to perform mundane tasks.
Click to expand...

Still, the ongoing attacks are a reminder that—despite the growing sophistication of many of today's malware attacks—simple, sparse hacks remain painfully effective.
Click to expand...

guest · Feb 20, 2019

Abuse of LOLbins again... Way too common those days.. .
Thanks MS to still keeping stockpiling useless executables and interpreters in home users version of the OS.

Good coding some say...

Log in or Sign up

Hard-to-detect credential-theft malware has infected 1,200 and is still going

guest Guest

guest Guest

Log in or Sign up

Hard-to-detect credential-theft malware has infected 1,200 and is still going

guest Guest

guest Guest

Useful Searches