• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
researchers uncover packer used by several malware to evade detection

Researchers Uncover Packer Used by Several Malware to Evade Detection for 6 Years

You are here: Home / General Cyber Security News / Researchers Uncover Packer Used by Several Malware to Evade Detection for 6 Years
January 31, 2023

A shellcode-centered packer dubbed TrickGate has been efficiently running devoid of attracting notice for more than 6 a long time, while enabling risk actors to deploy a wide array of malware these types of as TrickBot, Emotet, AZORult, Agent Tesla, FormBook, Cerber, Maze, and REvil about the a long time.

“TrickGate managed to continue to be underneath the radar for several years because it is transformative – it undergoes adjustments periodically,” Look at Level Research’s Arie Olshtein said, contacting it a “master of disguises.”

Presented as a assistance to other menace actors considering that at the very least late 2016, TrickGate assists conceal payloads driving a layer of wrapper code in an endeavor to get previous security options mounted on a host. Packers can also function as crypters by encrypting the malware as an obfuscation mechanism.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


“Packers have diverse characteristics that let them to circumvent detection mechanisms by showing as benign data files, getting tough to reverse engineer, or incorporating sandbox evasion tactics,” Proofpoint famous in December 2020.

But the regular updates to the commercial packer-as-a-support meant TrickGate has been tracked less than various names such as new loader, Loncom, and NSIS-based crypter considering the fact that 2019.

Malware Evade Detection

Telemetry knowledge gathered by Check Issue indicates that the danger actors leveraging TrickGate have mostly singled out the producing sector, and to a lesser extent, education, healthcare, authorities, and finance verticals.

The most common malware households utilised in the attacks in the previous two months include FormBook, LokiBot, Agent Tesla, Remcos, and Nanocore, with important concentrations documented in Taiwan, Turkey, Germany, Russia, and China.

The an infection chain consists of sending phishing emails with malicious attachments or booby-trapped back links that direct to the obtain of a shellcode loader which is liable for decrypting and launching the actual payload into memory.

The Israeli cybersecurity firm’s investigation of the shellcode demonstrates that it “has been consistently up to date, but the key functionalities exist on all the samples because 2016,” Olshtein famous. “The injection module has been the most regular component over the a long time and has been observed in all TrickGate shellcodes.”

Located this posting fascinating? Observe us on Twitter  and LinkedIn to go through more unique content we article.


Some areas of this write-up are sourced from:
thehackernews.com

Previous Post: «Cyber Security News Killnet Attackers DDoS US and Dutch Hospitals
Next Post: New Report Reveals NikoWiper Malware That Targeted Ukraine Energy Sector new report reveals nikowiper malware that targeted ukraine energy sector»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • CISA Unveils Ransomware Notification Initiative
  • WooCommerce Patches Critical Plugin Flaw Affecting Half a Million Sites
  • GitHub Updates Security Protocol For Operations Over SSH
  • Malicious Python Package Uses Unicode Trickery to Evade Detection and Steal Data
  • Some GitHub users must take action after RSA SSH host key exposed
  • THN Webinar: Inside the High Risk of 3rd-Party SaaS Apps
  • Pension Protection Fund confirms employee data exposed in GoAnywhere breach
  • GitHub Swiftly Replaces Exposed RSA SSH Key to Protect Git Operations
  • Now UK Parliament Bans TikTok from its Network and Devices
  • IRS Phishing Emails Used to Distribute Emotet

Copyright © TheCyberSecurity.News, All Rights Reserved.