Security News > 2020 > December > Russian hackers hide Zebrocy malware in virtual disk images
Russian-speaking hackers behind Zebrocy malware have changed their technique for delivering malware to high-profile victims and started to pack the threats in Virtual Hard Drives to avoid detection.
Inside the image were a PDF file and an executable posing as a Microsoft Word document, which Zebrocy malware.
Both of the last two VHD images included a Zebrocy sample impersonating a Microsoft Word document and a PDF file, and they share the same disk ID. The oldest one delivered a Delphi-based variant of the malware and used a PDF bait written in Russian.
The use of VHD disk images appears to be a new page in the malware delivery book of the threat group behind Zebrocy.
In its report published today, Intezer provides indicators of compromise for the command and control server, the VHD files, and the Zebrocy malware samples used in the recent phishing campaigns.
News URL
Related news
- Chinese hackers target Russian govt with upgraded RAT malware (source)
- Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery (source)
- Russian Hackers Using ClickFix Fake CAPTCHA to Deploy New LOSTKEYS Malware (source)
- Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool (source)
- Russians lure European diplomats into malware trap with wine-tasting invite (source)
- State-Sponsored Hackers Weaponize ClickFix Tactic in Targeted Malware Campaigns (source)
- Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp (source)
- Iran-Linked Hackers Target Israel with MURKYTOUR Malware via Fake Job Campaign (source)
- Russian army targeted by new Android malware hidden in mapping app (source)
- North Korean Hackers Spread Malware via Fake Crypto Firms and Job Interview Lures (source)