Security News > 2021 > May > Global Phishing Attacks Spawn Three New Malware Strains
Two waves of global financial phishing attacks that swamped at least 50 organizations in December have delivered three new malware families, according to a report from FireEye's Mandiant cybersecurity team.
On Tuesday, the team said that they've dubbed the hitherto-unseen malware strains Doubledrag, Doubledrop, and Doubleback.
Given the "Considerable" infrastructure they have at their disposal, their carefully crafted phishing lures, and what the researchers called the "Professionally coded sophistication" of the malware, the team says that the UNC2529 attackers seem "Experienced and well-resourced."
The malware ecosystem used by UNC2529 consists of either a downloader or an Excel document with an embedded macro; a dropper; and a backdoor.
The threat actors also worked hard to obfuscate the malware components.
Dimiter Andonov, Senior Principal Reverse Engineer with Mandiant, told Threatpost in an email on Tuesday afternoon that the techniques employed in this new malware ecosystem - specifically, the file-less serialization on compromised systems - isn't new, but it's effective.
News URL
https://threatpost.com/global-phishing-attacks-new-malware-strains/165857/
Related news
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- GenAI makes phishing attacks more believable and cost-effective (source)
- CERT-UA Warns of Phishing Attacks Targeting Ukraine’s Defense and Security Force (source)
- Ongoing Phishing and Malware Campaigns in December 2024 (source)
- Inside the incident: Uncovering an advanced phishing attack (source)
- New IOCONTROL malware used in critical infrastructure attacks (source)
- FBI spots HiatusRAT malware attacks targeting web cameras, DVRs (source)
- Ongoing phishing attack abuses Google Calendar to bypass spam filters (source)
- Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack (source)
- Malware botnets exploit outdated D-Link routers in recent attacks (source)