Molerats hackers deploy new malware in highly evasive campaign (Security News, February 2022)

The Palestinian-aligned APT group tracked as TA402 (Molerats) was spotted using a new implant named 'NimbleMamba' in a cyber-espionage campaign that relies on geofencing and URL redirects to legitimate websites to keep the payload away from anyone outside its target set.
If the visitor's IP address falls within the targeted region, a copy of NimbleMamba is delivered to their system inside a RAR file; any other visitor is simply redirected to a legitimate website and never receives the payload.
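The delivery logic described above, as an added illustration that is not TA402's code and not taken from the Proofpoint report: a server-side decision that serves the archive only to IPs inside a configured "target region" and bounces everyone else to a decoy site. The network ranges (RFC 5737 documentation prefixes), the archive name and the decoy URL are constructed placeholders, not indicators from the campaign.

```python
"""Geofenced delivery decision, modelled on the behaviour the article describes.

Added example. Ranges, file name and decoy URL are placeholders (assumptions),
not indicators from the real campaign.
"""
import ipaddress
from typing import Dict, Iterable, Tuple

# Constructed "target region": RFC 5737 documentation networks, chosen so the
# example never references real address space.
TARGET_NETWORKS = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
]

PAYLOAD_ARCHIVE = "payload.rar"          # placeholder for the RAR dropped on targets
DECOY_SITE = "https://www.example.com/"  # placeholder for the legitimate redirect target


def in_target_region(client_ip: str, networks: Iterable = TARGET_NETWORKS) -> bool:
    """True when client_ip lies inside one of the configured target ranges.

    Malformed or unexpected input (garbage, IPv6 when only IPv4 ranges are
    configured) is treated as out-of-region, so anything that does not look
    like an intended victim gets the harmless branch.
    """
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False
    return any(addr in net for net in networks)


def delivery_decision(client_ip: str) -> Tuple[str, str]:
    """Return ('serve', archive) for in-region visitors, ('redirect', url) otherwise.

    This is the split that makes such campaigns hard to analyse: a sandbox or
    researcher egressing from outside the region only ever sees the redirect.
    """
    if in_target_region(client_ip):
        return ("serve", PAYLOAD_ARCHIVE)
    return ("redirect", DECOY_SITE)


def classify_visitors(client_ips: Iterable[str]) -> Dict[str, int]:
    """Count how many visitors from a (constructed) list would receive the payload
    versus the decoy, useful when sanity-checking an analysis vantage point."""
    counts = {"serve": 0, "redirect": 0}
    for ip in client_ips:
        action, _ = delivery_decision(ip)
        counts[action] += 1
    return counts


if __name__ == "__main__":
    # Constructed sample of visitor IPs: two in-region, one out-of-region,
    # one IPv6 address and one malformed entry.
    sample = ["203.0.113.7", "198.51.100.42", "192.0.2.10", "2001:db8::1", "not-an-ip"]
    for ip in sample:
        print(f"{ip:>16} -> {delivery_decision(ip)}")
    print(classify_visitors(sample))
```

The practical consequence for defenders is the one the model makes explicit: if your detonation or URL-analysis infrastructure egresses from outside the targeted region, the only thing you will collect is a 302 to a legitimate site, so inconclusive results for a suspicious link are not evidence that it is benign.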
NimbleMamba shares some code with LastConn, an earlier TA402 implant, but the overlap is limited to the programming language, the C2 encoding scheme, and the use of the Dropbox API for command-and-control communications.
"NimbleMamba has the traditional capabilities of an intelligence-gathering trojan and is likely designed to be the initial access," explains Proofpoint's report.
The RAR files fetched from Dropbox do not always contain only NimbleMamba: in some cases the analysts also retrieved the BrittleBush trojan, which is most likely used as a backup tool.
The domains used to deliver NimbleMamba and for its C2 communications had already been taken offline at the time of the report.