
This New Stealthy JavaScript Loader Infecting Computers with Malware
2021-11-26 22:23

Threat actors have been found using a previously undocumented JavaScript malware strain that functions as a loader to distribute an array of remote access Trojans and information stealers.

HP Threat Research dubbed the new, evasive loader "RATDispenser," with the malware responsible for deploying at least eight different malware families in 2021.

Around 155 samples of this new malware have been discovered, spread across three different variants, hinting that it's under active development.

"RATDispenser is used to gain an initial foothold on a system before launching secondary malware that establishes control over the compromised device," security researcher Patrick Schläpfer said.

As with other attacks of this kind, the infection starts with a phishing email carrying a malicious attachment. The attachment masquerades as a text file but is in reality obfuscated JavaScript code that writes and executes a VBScript file, which in turn downloads the final-stage malware payload onto the infected machine.
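A detection sketch for the chain described above, added here as an example and not taken from HP's report or the original article: it flags any VBScript execution whose process ancestry includes a script host running a `.js` file. The event records, field names, file paths and the `.txt.js` double-extension form of the masquerade are constructed assumptions.

```python
import re
from pathlib import PureWindowsPath

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}   # Windows Script Host binaries
DECOY_EXTS = {".txt"}                           # assumed decoy: "text file" masquerade

WS = r"C:\Windows\System32\wscript.exe"
# Constructed, simplified process-creation records (not real telemetry).
EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Program Files\Mail\mail.exe", "cmdline": "mail.exe"},
    {"pid": 200, "ppid": 100, "image": WS,
     "cmdline": r'wscript.exe "C:\Users\a\Downloads\order.txt.js"'},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c wscript.exe C:\Users\a\AppData\Local\Temp\x.vbs"},
    {"pid": 400, "ppid": 300, "image": WS,
     "cmdline": r"wscript.exe C:\Users\a\AppData\Local\Temp\x.vbs"},
    {"pid": 500, "ppid": 1, "image": WS, "cmdline": r"wscript.exe C:\Scripts\backup.vbs"},
]

def script_arg(event, ext):
    """Path of the script with extension `ext` run by a script host, else None."""
    if PureWindowsPath(event["image"]).name.lower() not in SCRIPT_HOSTS:
        return None
    tokens = [q or b for q, b in re.findall(r'"([^"]+)"|(\S+)', event["cmdline"])]
    return next((t for t in tokens if t.lower().endswith(ext)), None)

def find_js_to_vbs_chains(events):
    """Flag .vbs executions whose process ancestry includes a .js execution."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        vbs = script_arg(e, ".vbs")
        if not vbs:
            continue
        seen, parent = set(), by_pid.get(e["ppid"])
        while parent and parent["pid"] not in seen:   # walk up, guard against loops
            seen.add(parent["pid"])
            js = script_arg(parent, ".js")
            if js:
                suffixes = [s.lower() for s in PureWindowsPath(js).suffixes]
                decoy = len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS
                findings.append({"js": js, "vbs": vbs, "decoy_extension": decoy})
                break
            parent = by_pid.get(parent["ppid"])
    return findings

if __name__ == "__main__":
    for finding in find_js_to_vbs_chains(EVENTS):
        print(finding)
```

The ancestry walk covers both a direct JavaScript-to-VBScript launch and one that passes through an intermediate process such as `cmd.exe`; the standalone `backup.vbs` run is not flagged.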

"The variety in malware families, many of which can be purchased or downloaded freely from underground marketplaces, and the preference of malware operators to drop their payloads, suggest that the authors of RATDispenser may be operating under a malware-as-a-service business model," Schläpfer said.


News URL

https://thehackernews.com/2021/11/this-new-stealthy-javascript-loader.html