MalVirt | .NET Virtualization Thrives in Malvertising Attacks
Feb. 2, 2023, 11:01 a.m. | MalBot
Malware Analysis, News and Indicators - Latest topics malware.news
By Aleksandar Milenkoski and Tom Hegel
Executive Summary
- SentinelLabs observed a cluster of virtualized .NET malware loaders distributed through malvertising attacks.
- The loaders, dubbed MalVirt, use obfuscated virtualization for anti-analysis and evasion along with the Windows Process Explorer driver for terminating processes.
- MalVirt loaders are currently distributing malware of the Formbook family as part of an ongoing campaign.
- To disguise real C2 traffic and evade network detections, the malware beacons to random decoy C2 servers hosted at different hosting providers, …