Security News > 2020 > December > Russian hackers hide Zebrocy malware in virtual disk images
Russian-speaking hackers behind Zebrocy malware have changed their technique for delivering malware to high-profile victims and started to pack the threats in Virtual Hard Drives to avoid detection.
Inside the image were a PDF file and an executable posing as a Microsoft Word document, which Zebrocy malware.
Both of the last two VHD images included a Zebrocy sample impersonating a Microsoft Word document and a PDF file, and they share the same disk ID. The oldest one delivered a Delphi-based variant of the malware and used a PDF bait written in Russian.
The use of VHD disk images appears to be a new page in the malware delivery book of the threat group behind Zebrocy.
In its report published today, Intezer provides indicators of compromise for the command and control server, the VHD files, and the Zebrocy malware samples used in the recent phishing campaigns.
News URL
Related news
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia (source)
- FIN7 hackers launch deepfake nude “generator” sites to spread malware (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- 100+ domains seized to stymie Russian Star Blizzard hackers (source)
- Pro-Ukrainian Hackers Strike Russian State TV on Putin's Birthday (source)
- N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware (source)
- US, UK warn of Russian APT29 hackers targeting Zimbra, TeamCity servers (source)
- Russian Espionage Group Targets Ukrainian Military with Malware via Telegram (source)
- Russian charged by U.S. for creating RedLine infostealer malware (source)