Security News > 2020 > December > Russian hackers hide Zebrocy malware in virtual disk images
Russian-speaking hackers behind Zebrocy malware have changed their technique for delivering malware to high-profile victims and started to pack the threats in Virtual Hard Drives to avoid detection.
Inside the image were a PDF file and an executable posing as a Microsoft Word document, which Zebrocy malware.
Both of the last two VHD images included a Zebrocy sample impersonating a Microsoft Word document and a PDF file, and they share the same disk ID. The oldest one delivered a Delphi-based variant of the malware and used a PDF bait written in Russian.
The use of VHD disk images appears to be a new page in the malware delivery book of the threat group behind Zebrocy.
In its report published today, Intezer provides indicators of compromise for the command and control server, the VHD files, and the Zebrocy malware samples used in the recent phishing campaigns.
News URL
Related news
- Russian Hackers Using Fake Brand Sites to Spread DanaBot and StealC Malware (source)
- Russian-Linked Hackers Target Eastern European NGOs and Media (source)
- Russian Hacker Jailed 3+ Years for Selling Stolen Credentials on Dark Web (source)
- Hackers use PHP exploit to backdoor Windows systems with new malware (source)
- Russian laundering millions for Lazarus hackers arrested in Argentina (source)
- South Korean hackers exploited WPS Office zero-day to deploy malware (source)
- Russian APT29 hackers use iOS, Chrome exploits created by spyware vendors (source)
- Russian Hackers Exploit Safari and Chrome Flaws in High-Profile Cyberattack (source)
- Hackers Use Fake GlobalProtect VPN Software in New WikiLoader Malware Attack (source)
- Fake OnlyFans cybercrime tool infects hackers with malware (source)