Security News > 2021 > May > Global Phishing Attacks Spawn Three New Malware Strains
Two waves of global financial phishing attacks that swamped at least 50 organizations in December have delivered three new malware families, according to a report from FireEye's Mandiant cybersecurity team.
On Tuesday, the team said that they've dubbed the hitherto-unseen malware strains Doubledrag, Doubledrop, and Doubleback.
Given the "Considerable" infrastructure they have at their disposal, their carefully crafted phishing lures, and what the researchers called the "Professionally coded sophistication" of the malware, the team says that the UNC2529 attackers seem "Experienced and well-resourced."
The malware ecosystem used by UNC2529 consists of either a downloader or an Excel document with an embedded macro; a dropper; and a backdoor.
The threat actors also worked hard to obfuscate the malware components.
Dimiter Andonov, Senior Principal Reverse Engineer with Mandiant, told Threatpost in an email on Tuesday afternoon that the techniques employed in this new malware ecosystem - specifically, the file-less serialization on compromised systems - isn't new, but it's effective.
News URL
https://threatpost.com/global-phishing-attacks-new-malware-strains/165857/
Related news
- How Phishing Attacks Adapt Quickly to Capitalize on Current Events (source)
- Google raps Iran's APT42 for raining down spear-phishing attacks (source)
- Xeon Sender Tool Exploits Cloud APIs for Large-Scale SMS Phishing Attacks (source)
- Cybercriminals exploit file sharing services to advance phishing attacks (source)
- CERT-UA Warns of New Vermin-Linked Phishing Attacks with PoW Bait (source)
- How AitM Phishing Attacks Bypass MFA and EDR—and How to Fight Back (source)
- Novel attack on Windows spotted in phishing campaign run from and targeting China (source)
- Hackers Use Fake GlobalProtect VPN Software in New WikiLoader Malware Attack (source)
- New Cross-Platform Malware KTLVdoor Discovered in Attack on Chinese Trading Firm (source)
- Chinese hackers use new data theft malware in govt attacks (source)