Unusual ‘Donald Trump’ Packer Malware Delivers RATs, Infostealers
2022-01-24 10:00

A .NET malware packer being used to deliver a variety of remote access trojans and infostealers has a fixed password named after Donald Trump, giving the new find its name, "DTPacker."

The Proofpoint team that discovered DTPacker reported that the malware is notable because it delivers both embedded payloads and payloads fetched from a command-and-control server.

"DTPacker uses both forms. It is unusual for a piece of malware to be both a packer and a downloader."

"Proofpoint observed multiple decoding methods and two Donald Trump-themed fixed keys, thus the name 'DTPacker,'" according to the report.

The researchers predicted that DTPacker will continue to be used by threat actors and traded on underground forums.

"It is unknown why the malware author specifically referred to Donald Trump in the malware's fixed passwords, as it is not used to specifically target politicians or political organizations and would not be seen by the intended victims," the analysts added.


News URL

https://threatpost.com/donald-trump-packer-malware-infostealers/177887/