Molerats hackers deploy new malware in highly evasive campaign (Security News, February 2022)
The Palestinian-aligned APT group tracked as TA402 (also known as Molerats) was spotted using a new implant named 'NimbleMamba' in a cyber-espionage campaign that relies on geofencing and on redirecting non-targeted visitors to legitimate websites.
If the target's IP address falls within the campaign's defined target region, a copy of NimbleMamba is dropped on their system inside a RAR file; visitors from outside that region are instead redirected to a legitimate website and never receive the payload.
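The geofenced delivery decision described above has a practical consequence for analysts: a sandbox or crawler that fetches the lure URL from an IP outside the targeted region only ever sees the benign redirect. The following is an added example, not code from Proofpoint's report or from the campaign itself, that models that decision and an analyst-side probe of it. The CIDR ranges, the redirect destination, the RAR file name and the handling of `X-Forwarded-For` are all constructed assumptions for illustration, not values or behaviour taken from the report.

```python
"""Minimal model of a geofenced lure page and an analyst probe of it.

Added example, not the campaign's or Proofpoint's code. Every concrete
value below (ranges, URLs, file name) is a constructed placeholder.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed, hypothetical target ranges (RFC 5737 documentation space);
# NOT the campaign's real geofence.
TARGET_RANGES = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
]
DECOY_REDIRECT = "https://example.org/"  # placeholder legitimate site
PAYLOAD_NAME = "document.rar"            # placeholder RAR name


@dataclass
class Response:
    status: int
    location: Optional[str] = None    # set on the redirect branch
    attachment: Optional[str] = None  # set on the payload branch


def in_target_region(client_ip: str) -> bool:
    """True if client_ip falls inside one of the geofenced ranges.

    Unparseable addresses are treated as out-of-region, so a malformed
    header never accidentally unlocks the payload branch.
    """
    try:
        ip = ipaddress.ip_address(client_ip)
    except ValueError:
        return False
    return any(ip in net for net in TARGET_RANGES)


def effective_client_ip(headers: Dict[str, str], peer_ip: str) -> str:
    """Pick the address the geofence is evaluated against.

    Assumption for this example: the server sits behind a proxy and trusts
    the left-most X-Forwarded-For entry. Whether a given real lure server
    does this is unknown; it is included because it is the first thing an
    analyst should test before concluding the geofence cannot be bypassed.
    """
    xff = headers.get("X-Forwarded-For")
    if xff:
        return xff.split(",")[0].strip()
    return peer_ip


def handle_request(peer_ip: str, headers: Optional[Dict[str, str]] = None) -> Response:
    """In-region client: serve the RAR. Anyone else: redirect to a decoy."""
    ip = effective_client_ip(headers or {}, peer_ip)
    if in_target_region(ip):
        return Response(status=200, attachment=PAYLOAD_NAME)
    return Response(status=302, location=DECOY_REDIRECT)


def probe(vantage_points: List[str]) -> Dict[str, str]:
    """Analyst helper: record which behaviour each vantage-point IP observes.

    Fetching the same URL from several exit IPs and comparing the results
    is how the geofence itself is confirmed; a single out-of-region fetch
    that returns a redirect proves nothing about the payload.
    """
    results = {}
    for ip in vantage_points:
        resp = handle_request(ip)
        results[ip] = "payload" if resp.attachment else "redirect"
    return results


if __name__ == "__main__":
    # Constructed vantage points: one inside the fence, one outside.
    print(probe(["203.0.113.7", "192.0.2.50"]))
    # Same out-of-region peer, but with a spoofed forwarded header.
    print(handle_request("192.0.2.50", {"X-Forwarded-For": "198.51.100.9, 10.0.0.1"}))
```

The design point is the asymmetry: the server fails closed (any parse error or unknown address gets the decoy), so defenders should expect most automated detonations to report the lure as clean, and should retrieve the RAR from an in-region vantage point or from a proxy log rather than trusting a single sandbox verdict.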
NimbleMamba shares some similarities with LastConn, TA402's earlier implant, but these are limited to the programming language, the C2 encoding scheme, and the use of the Dropbox API for communications.
"NimbleMamba has the traditional capabilities of an intelligence-gathering trojan and is likely designed to be the initial access," explains Proofpoint's report.
The RAR files fetched from Dropbox do not always contain only NimbleMamba: the analysts also retrieved the BrittleBush trojan, which is most likely used as a backup tool.
The domains used for delivering NimbleMamba and for its C2 communications have already been taken offline.