Enhanced BazarBackdoor Poses New Cybersecurity Risks
https://news.softpedia.com/news/enhanced...3534.shtml

Malware developers are becoming more innovative and have designed new file infection spreading methods

Jul 19, 2021 16:53 GMT · By George Dascalu

A revamped BazarBackdoor was discovered that disguises its malicious payload as an image file. The approach fools Secure Email Gateways (SEGs) into treating malicious attachments as clean files, according to Cyware.

Cofense cybersecurity experts found that BazarBackdoor's multi-compression approach is able to bypass some SEG services because those services have only a limited ability to fully examine or scan a compressed file. According to the experts, the approach is becoming increasingly popular among hackers because it increases the likelihood that dangerous files will evade detection.

BazarBackdoor began its new campaign last month, with an Environmental Day theme on June the 5th. The threat actor attaches the malicious files to the email as ZIP and RAR archives. A JavaScript file containing the BazarBackdoor loader is used to deliver the malware to the targeted computers. It goes without saying that the JavaScript file is obfuscated and, once activated, it downloads a malicious payload that has been given an image file extension.

What is the method through which the malware is camouflaged?
Archives can be nested for various reasons, such as exhausting the number of decompression layers an SEG is able to process, or causing the scan to fail on an archive type the gateway does not recognise. To fetch the payload, the obfuscated JavaScript issues an HTTP GET request and retrieves the BazarBackdoor payload as what appears to be a PNG image. The downloaded file is actually an executable carrying the malicious payload, saved under the wrong extension.

Once installed on a victim system, the malware is able to download and execute Cobalt Strike, a legitimate post-exploitation toolkit that is then used to penetrate further into the network. Interestingly enough, the developers managed to add this powerful new feature to BazarBackdoor in just one year.

The most fascinating thing about it, however, is that the threat actors behind it are becoming more inventive when it comes to spreading malware. Due to the nature of the threat, it is classified as extremely dangerous and requires continuous monitoring by security managers.
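The two evasion tricks described above, a nesting depth that outlasts the gateway's decompression budget and an executable saved under an image extension, can both be caught by walking the archive recursively and comparing each member's declared extension against its leading magic bytes. The following is an added example written for this post, not code from Softpedia, Cofense or the BazarBackdoor campaign; it assumes ZIP-only nesting (RAR would need a third-party library) and uses a deliberately small signature table.

```python
import io
import zipfile

# Well-known leading byte signatures; deliberately minimal for this example
MAGIC = {
    b"MZ": "exe",
    b"\x89PNG\r\n\x1a\n": "png",
    b"PK\x03\x04": "zip",
}


def detect_type(data: bytes) -> str:
    """Identify content by its leading bytes, ignoring the file name entirely."""
    for sig, name in MAGIC.items():
        if data.startswith(sig):
            return name
    return "unknown"


def inspect_archive(data: bytes, max_depth: int = 3, depth: int = 0, path: str = ""):
    """Walk nested ZIPs and report members whose extension disagrees with
    their real content. max_depth mimics a gateway with a bounded
    decompression budget; hitting the bound is itself reported, so an
    archive nested deeper than the scanner can look is never silently passed."""
    findings = []
    if depth > max_depth:
        findings.append((path, depth, "nesting-limit-reached"))
        return findings
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            member = f"{path}/{info.filename}"
            content = zf.read(info)
            kind = detect_type(content)
            ext = info.filename.rsplit(".", 1)[-1].lower()
            if kind == "zip":
                findings.extend(inspect_archive(content, max_depth, depth + 1, member))
            elif kind != "unknown" and kind != ext:
                findings.append((member, depth, f"extension-mismatch:{ext}!={kind}"))
    return findings


def build_sample() -> bytes:
    """Constructed sample: ZIP -> ZIP -> 'photo.png' whose bytes start like a PE file."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("photo.png", b"MZ" + b"\x00" * 62)  # fake PE stub, constructed
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("invoice.zip", inner.getvalue())
    return outer.getvalue()
```

Running `inspect_archive(build_sample())` flags the inner `photo.png` as an executable, while `max_depth=0` instead reports that the nesting limit was reached, which is the signal a gateway should treat as suspicious rather than as clean.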