Security News > 2020 > December > Russian hackers hide Zebrocy malware in virtual disk images
Russian-speaking hackers behind Zebrocy malware have changed their technique for delivering malware to high-profile victims and started to pack the threats in Virtual Hard Drives to avoid detection.
Inside the image were a PDF file and an executable posing as a Microsoft Word document, which Zebrocy malware.
Both of the last two VHD images included a Zebrocy sample impersonating a Microsoft Word document and a PDF file, and they share the same disk ID. The oldest one delivered a Delphi-based variant of the malware and used a PDF bait written in Russian.
The use of VHD disk images appears to be a new page in the malware delivery book of the threat group behind Zebrocy.
In its report published today, Intezer provides indicators of compromise for the command and control server, the VHD files, and the Zebrocy malware samples used in the recent phishing campaigns.
News URL
Related news
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- Chinese hackers target Linux with new WolfsBane malware (source)
- North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn (source)
- Salt Typhoon hackers backdoor telcos with new GhostSpider malware (source)
- Faraway Russian hackers breached US organization via Wi-Fi (source)
- Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries (source)
- Firefox and Windows zero-days exploited by Russian RomCom hackers (source)