Global Phishing Attacks Spawn Three New Malware Strains (Security News, May 2021)
Two waves of global financial phishing attacks that swamped at least 50 organizations in December have delivered three new malware families, according to a report from FireEye's Mandiant cybersecurity team.
On Tuesday, the team said that they've dubbed the hitherto-unseen malware strains Doubledrag, Doubledrop, and Doubleback.
Given the "considerable" infrastructure they have at their disposal, their carefully crafted phishing lures, and what the researchers called the "professionally coded sophistication" of the malware, the team says that the UNC2529 attackers seem "experienced and well-resourced."
The malware ecosystem used by UNC2529 consists of either a downloader or an Excel document with an embedded macro; a dropper; and a backdoor.
The threat actors also worked hard to obfuscate the malware components.
Dimiter Andonov, Senior Principal Reverse Engineer with Mandiant, told Threatpost in an email on Tuesday afternoon that the techniques employed in this new malware ecosystem, specifically the file-less serialization on compromised systems, aren't new, but they're effective.
News URL
https://threatpost.com/global-phishing-attacks-new-malware-strains/165857/