Security News > 2022 > August > Hackers Use ModernLoader to Infect Systems with Stealers and Cryptominers

As many as three disparate but related campaigns between March and Jun 2022 have been found to deliver a variety of malware, including ModernLoader, RedLine Stealer, and cryptocurrency miners onto compromised systems.

"The actors use PowerShell,.NET assemblies, and HTA and VBS files to spread across a targeted network, eventually dropping other pieces of malware, such as the SystemBC trojan and DCRat, to enable various stages of their operations," Cisco Talos researcher Vanja Svajcer said in a report shared with The Hacker News.

The malicious implant in question, ModernLoader, is designed to provide attackers with remote control over the victim's machine, which enables the adversaries to deploy additional malware, steal sensitive information, or even ensnare the computer in a botnet.

Infection chains discovered by the cybersecurity firm involve attempts to compromise vulnerable web applications like WordPress and CPanel to distribute the malware by means of files that masquerade as fake Amazon gift cards.

The first stage payload is a HTML Application file that runs a PowerShell script hosted on the command-and-control server to initiate the deployment of intertim payloads that ultimately inject the malware using a technique called process hollowing.

"The usage of ready-made tools shows that the actor understands the TTPs required for a successful malware campaign but their technical skills are not developed enough to fully develop their own tools."

News URL

https://thehackernews.com/2022/08/hackers-use-modernloader-to-infect.html