AcidBox Malware Uncovered Using Repurposed VirtualBox Exploit
In a report released Wednesday, Palo Alto Networks' Unit 42 sheds new light onto attacks against the popular open-source virtualization software VirtualBox that used the AcidBox malware.
The Turla Group malware, researchers said, also targeted a second Driver Signature Enforcement (DSE) vulnerability tied to a signed VirtualBox driver using what would later be identified as AcidBox malware.
Researchers then traced the AcidBox malware to fresh attacks against the VirtualBox driver VBoxDrv.sys.
"[...] VBoxDrv.sys v1.6.2 is vulnerable and used by Turla, this new malware uses the same exploit but with a slightly newer VirtualBox version," said researchers.
Moving forward, AcidBox is a "very rare" malware that is probably used in highly targeted attacks, researchers said.
News URL
https://threatpost.com/acidbox-malware-uncovered-using-repurposed-virtualbox-exploit/156653/