Mar 20, 2023 | Ravie Lakshmanan | Cyber Threat / Malware

DotRunpeX Malware

A new piece of malware dubbed dotRunpeX is being used to distribute numerous known malware families such as Agent Tesla, Ave Maria, BitRAT, FormBook, LokiBot, NetWire, Raccoon Stealer, RedLine Stealer, Remcos, Rhadamanthys, and Vidar.

“DotRunpeX is a new injector written in .NET using the Process Hollowing technique and used to infect systems with a variety of known malware families,” Check Point said in a report published last week.

Said to be in active development, dotRunpeX arrives as a second-stage malware in the infection chain, often deployed via a downloader (aka loader) that is delivered through phishing emails as a malicious attachment.

Alternatively, it is known to leverage malicious Google Ads on search result pages to direct unsuspecting users searching for popular software such as AnyDesk and LastPass to copycat sites hosting trojanized installers.

The latest dotRunpeX artifacts, first spotted in October 2022, add an extra obfuscation layer by using the KoiVM virtualizing protector.


It is worth noting that the findings dovetail with a malvertising campaign documented by SentinelOne last month in which the loader and the injector components were collectively referred to as MalVirt.

Check Point’s analysis has further revealed that “every dotRunpeX sample has an embedded payload of a certain malware family to be injected,” with the injector specifying a list of anti-malware processes to be terminated.


This, in turn, is made possible by abusing a vulnerable Process Explorer driver (procexp.sys) that is bundled into dotRunpeX in order to obtain kernel-mode execution.

There are indications that dotRunpeX could be affiliated with Russian-speaking actors based on the language references in the code. The malware families most frequently delivered by the emerging threat include RedLine, Raccoon, Vidar, Agent Tesla, and FormBook.



Source: https://thehackernews.com/2023/03/new-dotrunpex-malware-delivers-multiple.html
