Cybercriminals Using Polyglot Files in Malware Distribution to Fly Under the Radar
Remote access trojans such as StrRAT and Ratty are being distributed as a combination of polyglot and malicious Java archive files, once again highlighting how threat actors are continuously finding new ways to fly under the radar.
"Attackers now use the polyglot technique to confuse security solutions that don't properly validate the JAR file format," Deep Instinct security researcher Simon Kenin said in a report.
Polyglot files are files that combine syntax from two or more different formats in a manner such that each format can be parsed without raising any error.
"What's special about ZIP files is that they're identified by the presence of an end of central directory record which is located at the end of the archive," Kenin explained.
Because JAR files are not adequately validated, malicious appended content can bypass security software and stay undetected until it is executed on the compromised hosts.
"The proper detection for JAR files should be both static and dynamic," Kenin said.
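A static check of the kind the quotes above call for, as an added example that is not code from the report or from Deep Instinct: it locates the end of central directory record and measures how many bytes sit in front of or behind the actual ZIP structure. The function names, the sample JAR and the 64-byte prefix are constructed for illustration.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"    # end of central directory (EOCD) record
LOCAL_SIG = b"PK\x03\x04"   # local file header that opens a plain ZIP/JAR
EOCD_MIN = 22               # EOCD size without its optional comment


def inspect_jar(data: bytes) -> dict:
    """Measure bytes lying before and after the ZIP structure in data."""
    # Parsers find the EOCD by scanning back from the end of the file;
    # the comment may be up to 65535 bytes. ZIP64 is not handled here.
    pos = data.rfind(EOCD_SIG, max(0, len(data) - EOCD_MIN - 0xFFFF))
    if pos < 0 or pos + EOCD_MIN > len(data):
        return {"is_zip": False, "leading": 0, "trailing": 0, "suspicious": False}
    cd_size, cd_offset, comment_len = struct.unpack_from("<IIH", data, pos + 12)
    # The central directory ends where the EOCD starts. Its declared offset
    # counts from the start of the archive, so the gap between the actual and
    # declared position is the amount of foreign data in front.
    leading = (pos - cd_size) - cd_offset
    trailing = len(data) - (pos + EOCD_MIN + comment_len)
    suspicious = leading != 0 or trailing != 0 or not data.startswith(LOCAL_SIG)
    return {"is_zip": True, "leading": leading, "trailing": trailing,
            "suspicious": suspicious}


def zip_entries(data: bytes) -> list:
    """Entry names as seen by a tolerant ZIP parser (Python's zipfile)."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return zf.namelist()


def build_sample_jar() -> bytes:
    """Constructed minimal JAR holding only a manifest."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\r\n")
    return buf.getvalue()


CLEAN = build_sample_jar()
PREFIX = b"CONSTRUCTED-NON-ZIP-HEADER".ljust(64, b"\x00")  # constructed filler
POLYGLOT = PREFIX + CLEAN

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("polyglot", POLYGLOT)):
        print(name, inspect_jar(blob), zip_entries(blob))
```

Both samples list the same entries through `zipfile`, which is why a scanner that only asks "does this open as a ZIP?" cannot tell them apart; the non-zero `leading` count is what separates them.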
News URL
https://thehackernews.com/2023/01/cybercriminals-using-polyglot-files-in.html