
Mutating Verblecon malware in illicit cryptomining ... so far
2022-03-29 22:46

The mutating malware attempts to evade detection by antivirus tools and similar defenses, which would be bad news all round if the software were used to deploy more destructive payloads; Symantec also suggests that the crooks using Verblecon may not realize the loader's full potential.

"The activity we have seen carried out using this sophisticated loader indicates that it is being wielded by an individual who may not realize the capabilities of the malware they are using," Symantec's threat hunting team warned today.

Security analysts at Symantec, now a division of Broadcom Software, say they discovered Verblecon in January being used to install miners and potentially steal access tokens for chat app Discord.

First, the sneaky Windows malware runs a series of checks to see whether it is being debugged, or being opened on a virtual machine or in a sandbox environment, "which would indicate it is likely being opened on a security researcher's machine," the researchers wrote.

While illicit cryptocurrency mining on victims' machines appears to be the goal of the malware, "this would appear to be a relatively low-reward goal for the attacker given the level of effort that would have been required to develop this sophisticated malware," according to Symantec.

So while it's possible that cyber-criminals could use Verblecon to drop ransomware, Symantec said it's more likely that this nefarious activity is being carried out by an inexperienced actor who doesn't realize the malware's capabilities.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/03/29/verblecon_malware_cryptomining/