Log in or Sign up

This worm spreads a fileless version of the Trojan Bladabindi

Discussion in 'malware problems & news' started by Minimalist, Nov 27, 2018.

Minimalist Registered Member

Joined:

Jan 6, 2014

Posts:

14,909

Location:

Slovenia, EU

According to researchers from Trend Micro, the worm spreads Bladabindi -- also known as njRAT/Njw0rm -- in a fileless form by propagating through removable drives and storage.
Click to expand...

https://www.zdnet.com/article/this-worm-spreads-fileless-trojan-bladabindi-through-removable-drives/

Minimalist, Nov 27, 2018

#1
Rasheed187 Registered Member

Joined:

Jul 10, 2004

Posts:

18,178

Location:

The Netherlands

Like I said, file-less doesn't mean it uses any magic, it will still run tr.exe and powershell.exe, and they will both trigger suspicious behavior. So only AV's with bad behavior blockers might have a hard time stopping it.

Rasheed187, Dec 1, 2018

#2

(You must log in or sign up to reply here.)

This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.

Accept Learn More...