From BYOVD to a 0-day: Unveiling Advanced Exploits in Cyber Recruiting Scams

Key Points

• Avast discovered a new campaign targeting specific individuals through fabricated job offers. 


• Avast uncovered a full attack chain from infection vector to deploying “FudModule 2.0” rootkit with 0-day Admin -> Kernel exploit. 


• Avast found a previously undocumented Kaolin RAT, where it could aside from standard RAT functionality, change the last write timestamp of a selected file and load any received DLL binary from C&C server. We also believe it was loading FudModule along with a 0-day exploit. 

Introduction …

admin advanced attack attack chain avast byovd campaign cyber exploit exploits found fudmodule infection job job offers kernel key key points malware analysis points rat recruiting recruiting scams rootkit scams standard targeting uncovered undocumented