Security News > 2022 > June > New phishing attack infects devices with Cobalt Strike

Security researchers have noticed a new malicious spam campaign that delivers the 'Matanbuchus' malware to drop Cobalt Strike beacons on compromised machines.
Cobalt Strike is a penetration testing suite that is frequently used by threat actors for lateral movement and to drop additional payloads.
The malware's features include launching custom PowerShell commands, leveraging standalone executables to load DLL payloads, and establishing persistence via the addition of task schedules.
In the background, two Matanbuchus DLL payloads are dropped in two different locations, a scheduled task is created to maintain persistence across system reboots, and communication with the command and control server is established.
Finally, Matanbuchus loads the Cobalt Strike payload from the C2 server, opening the way to wider exploitation potential.
Cobalt Strike as a second-stage payload in Metanbuchus malspam campaign was first reported by DCSO, a German security company, on May 23, 2022.
News URL
Related news
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- YouTube warns of AI-generated video of its CEO used in phishing attacks (source)
- Ukrainian military targeted in new Signal spear-phishing attacks (source)
- Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks (source)
- iOS devices face twice the phishing attacks of Android (source)
- Windows NTLM hash leak flaw exploited in phishing attacks on governments (source)
- Three Reasons Why the Browser is Best for Stopping Phishing Attacks (source)
- Phishing detection is broken: Why most attacks feel like a zero day (source)
- DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack (source)