Security News > 2021 > May > Global Phishing Attacks Spawn Three New Malware Strains
Two waves of global financial phishing attacks that swamped at least 50 organizations in December have delivered three new malware families, according to a report from FireEye's Mandiant cybersecurity team.
On Tuesday, the team said that they've dubbed the hitherto-unseen malware strains Doubledrag, Doubledrop, and Doubleback.
Given the "Considerable" infrastructure they have at their disposal, their carefully crafted phishing lures, and what the researchers called the "Professionally coded sophistication" of the malware, the team says that the UNC2529 attackers seem "Experienced and well-resourced."
The malware ecosystem used by UNC2529 consists of either a downloader or an Excel document with an embedded macro; a dropper; and a backdoor.
The threat actors also worked hard to obfuscate the malware components.
Dimiter Andonov, Senior Principal Reverse Engineer with Mandiant, told Threatpost in an email on Tuesday afternoon that the techniques employed in this new malware ecosystem - specifically, the file-less serialization on compromised systems - isn't new, but it's effective.
News URL
https://threatpost.com/global-phishing-attacks-new-malware-strains/165857/
Related news
- Chinese FamousSparrow hackers deploy upgraded malware in attacks (source)
- Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks (source)
- Open-source malware doubles, data exfiltration attacks dominate (source)
- Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware (source)
- CISA and FBI Warn Fast Flux is Powering Resilient Malware, C2, and Phishing Networks (source)
- New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner (source)
- iOS devices face twice the phishing attacks of Android (source)
- Midnight Blizzard deploys new GrapeLoader malware in embassy phishing (source)
- Windows NTLM hash leak flaw exploited in phishing attacks on governments (source)
- Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader (source)