Security News > 2021 > May > Global Phishing Attacks Spawn Three New Malware Strains
Two waves of global financial phishing attacks that swamped at least 50 organizations in December have delivered three new malware families, according to a report from FireEye's Mandiant cybersecurity team.
On Tuesday, the team said that they've dubbed the hitherto-unseen malware strains Doubledrag, Doubledrop, and Doubleback.
Given the "Considerable" infrastructure they have at their disposal, their carefully crafted phishing lures, and what the researchers called the "Professionally coded sophistication" of the malware, the team says that the UNC2529 attackers seem "Experienced and well-resourced."
The malware ecosystem used by UNC2529 consists of either a downloader or an Excel document with an embedded macro; a dropper; and a backdoor.
The threat actors also worked hard to obfuscate the malware components.
Dimiter Andonov, Senior Principal Reverse Engineer with Mandiant, told Threatpost in an email on Tuesday afternoon that the techniques employed in this new malware ecosystem - specifically, the file-less serialization on compromised systems - isn't new, but it's effective.
News URL
https://threatpost.com/global-phishing-attacks-new-malware-strains/165857/
Related news
- WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites (source)
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- IPany VPN breached in supply-chain attack to push custom malware (source)
- MintsLoader Delivers StealC Malware and BOINC in Targeted Cyber Attacks (source)
- Microsoft Teams phishing attack alerts coming to everyone next month (source)
- How to Prevent Phishing Attacks with Multi-Factor Authentication (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Darktrace: 96% of Phishing Attacks in 2024 Exploited Trusted Domains Including SharePoint & Zoom Docs (source)
- Phishing attack hides JavaScript using invisible Unicode trick (source)
- FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services (source)