A new piece of malware dubbed dotRunpeX is being used to distribute numerous known malware families such as Agent Tesla, Ave Maria, BitRAT, FormBook, LokiBot, NetWire, Raccoon Stealer, RedLine Stealer, Remcos, Rhadamanthys, and Vidar.
"DotRunpeX is a new injector written in .NET using the Process Hollowing technique and used to infect systems with a variety of known malware families," Check Point said in a report published last week.
Said to be in active development, dotRunpeX arrives as second-stage malware in the infection chain, often deployed via a downloader (aka loader) that is transmitted through phishing emails as malicious attachments.
Alternatively, it is known to leverage malicious Google Ads on search result pages to direct unsuspecting users searching for popular software such as AnyDesk and LastPass to copycat sites hosting trojanized installers.
The latest DotRunpeX artifacts, first spotted in October 2022, add an extra obfuscation layer by using the KoiVM virtualizing protector.
It's worth pointing out that the findings dovetail with a malvertising campaign documented by SentinelOne last month in which the loader and the injector components were collectively referred to as MalVirt.
Check Point's analysis has further revealed that "each dotRunpeX sample has an embedded payload of a certain malware family to be injected," with the injector specifying a list of anti-malware processes to be terminated.
This, in turn, is made possible by abusing a vulnerable Process Explorer driver (procexp.sys) that is incorporated into dotRunpeX so as to obtain kernel mode execution.
There are signs that dotRunpeX could be affiliated with Russian-speaking actors based on the language references in the code. The malware families most frequently delivered by the emerging threat include RedLine, Raccoon, Vidar, Agent Tesla, and FormBook.
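One way to hunt for the driver abuse described above, added here as an example and not taken from Check Point's report: flag a Process Explorer driver load that has no Process Explorer launch on the same host shortly before it. The events are constructed and simplified from Sysmon's process-creation (ID 1) and driver-load (ID 6) records; the 60-second window, the file-name patterns and the function name are assumptions.

```python
from datetime import datetime
import ntpath
import re

# Constructed events, simplified from Sysmon Event ID 1 (process creation)
# and Event ID 6 (driver loaded). Hosts, users, paths and times are made up.
EVENTS = [
    {"id": 1, "host": "WS-01", "time": "2023-03-20 09:00:05",
     "Image": r"C:\Tools\procexp64.exe"},
    {"id": 6, "host": "WS-01", "time": "2023-03-20 09:00:07",
     "ImageLoaded": r"C:\Windows\System32\drivers\PROCEXP152.SYS"},
    {"id": 1, "host": "WS-02", "time": "2023-03-20 10:14:30",
     "Image": r"C:\Users\kim\AppData\Local\Temp\invoice.exe"},
    {"id": 6, "host": "WS-02", "time": "2023-03-20 10:14:41",
     "ImageLoaded": r"C:\Users\kim\AppData\Local\Temp\procexp.sys"},
]

DRIVER_RE = re.compile(r"^procexp\d*\.sys$", re.IGNORECASE)  # assumed pattern
PROCEXP_GUI = {"procexp.exe", "procexp64.exe", "procexp64a.exe"}
WINDOW_SECONDS = 60  # assumed correlation window

def _ts(event):
    return datetime.strptime(event["time"], "%Y-%m-%d %H:%M:%S")

def orphan_procexp_driver_loads(events, window_s=WINDOW_SECONDS):
    """Return (host, path) for procexp*.sys driver loads with no Process
    Explorer launch on the same host in the preceding window_s seconds."""
    alerts = []
    gui_starts = {}  # host -> launch times of the Process Explorer GUI
    for ev in sorted(events, key=_ts):
        if ev["id"] == 1:
            if ntpath.basename(ev["Image"]).lower() in PROCEXP_GUI:
                gui_starts.setdefault(ev["host"], []).append(_ts(ev))
        elif ev["id"] == 6:
            if not DRIVER_RE.match(ntpath.basename(ev["ImageLoaded"])):
                continue
            loaded = _ts(ev)
            recent = any(0 <= (loaded - t).total_seconds() <= window_s
                         for t in gui_starts.get(ev["host"], []))
            if not recent:
                alerts.append((ev["host"], ev["ImageLoaded"]))
    return alerts

if __name__ == "__main__":
    for host, path in orphan_procexp_driver_loads(EVENTS):
        print(f"ALERT {host}: {path} loaded without Process Explorer running")
```

File-name matching alone is a weak signal, so in practice this would be paired with the driver's hash or signer and with alerts on security processes stopping soon after the load.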
Some elements of this article are sourced from:
thehackernews.com