• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
researchers uncover packer used by several malware to evade detection

Researchers Uncover Packer Used by Several Malware to Evade Detection for 6 Years

You are here: Home / General Cyber Security News / Researchers Uncover Packer Used by Several Malware to Evade Detection for 6 Years
January 31, 2023

A shellcode-centered packer dubbed TrickGate has been efficiently running devoid of attracting notice for more than 6 a long time, while enabling risk actors to deploy a wide array of malware these types of as TrickBot, Emotet, AZORult, Agent Tesla, FormBook, Cerber, Maze, and REvil about the a long time.

“TrickGate managed to continue to be underneath the radar for several years because it is transformative – it undergoes adjustments periodically,” Look at Level Research’s Arie Olshtein said, contacting it a “master of disguises.”

Presented as a assistance to other menace actors considering that at the very least late 2016, TrickGate assists conceal payloads driving a layer of wrapper code in an endeavor to get previous security options mounted on a host. Packers can also function as crypters by encrypting the malware as an obfuscation mechanism.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


“Packers have diverse characteristics that let them to circumvent detection mechanisms by showing as benign data files, getting tough to reverse engineer, or incorporating sandbox evasion tactics,” Proofpoint famous in December 2020.

But the regular updates to the commercial packer-as-a-support meant TrickGate has been tracked less than various names such as new loader, Loncom, and NSIS-based crypter considering the fact that 2019.

Malware Evade Detection

Telemetry knowledge gathered by Check Issue indicates that the danger actors leveraging TrickGate have mostly singled out the producing sector, and to a lesser extent, education, healthcare, authorities, and finance verticals.

The most common malware households utilised in the attacks in the previous two months include FormBook, LokiBot, Agent Tesla, Remcos, and Nanocore, with important concentrations documented in Taiwan, Turkey, Germany, Russia, and China.

The an infection chain consists of sending phishing emails with malicious attachments or booby-trapped back links that direct to the obtain of a shellcode loader which is liable for decrypting and launching the actual payload into memory.

The Israeli cybersecurity firm’s investigation of the shellcode demonstrates that it “has been consistently up to date, but the key functionalities exist on all the samples because 2016,” Olshtein famous. “The injection module has been the most regular component over the a long time and has been observed in all TrickGate shellcodes.”

Located this posting fascinating? Observe us on Twitter  and LinkedIn to go through more unique content we article.


Some areas of this write-up are sourced from:
thehackernews.com

Previous Post: «Cyber Security News Killnet Attackers DDoS US and Dutch Hospitals
Next Post: New Report Reveals NikoWiper Malware That Targeted Ukraine Energy Sector new report reveals nikowiper malware that targeted ukraine energy sector»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Fortinet Releases Patch for Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257)
  • PerfektBlue Bluetooth Vulnerabilities Expose Millions of Vehicles to Remote Code Execution
  • Securing Data in the AI Era
  • Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild
  • Iranian-Backed Pay2Key Ransomware Resurfaces with 80% Profit Share for Cybercriminals
  • CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises
  • Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads
  • Fake Gaming and AI Firms Push Malware on Cryptocurrency Users via Telegram and Discord
  • Four Arrested in £440M Cyber Attack on Marks & Spencer, Co-op, and Harrods
  • What Security Leaders Need to Know About AI Governance for SaaS

Copyright © TheCyberSecurity.News, All Rights Reserved.