
RedEyes hackers use new malware to steal data from Windows, phones
2023-02-14 22:37

The APT37 threat group uses a new evasive 'M2RAT' malware and steganography to target individuals for intelligence collection.

The threat actors targeted EU-based organizations with a new version of their mobile backdoor named 'Dolphin,' deployed a custom RAT called 'Konni,' and targeted U.S. journalists with a highly customizable malware named 'Goldbackdoor.'

In a new report released today by AhnLab Security Emergency response Center, researchers explain how APT37 is now using a new malware strain called 'M2RAT' that uses a shared memory section for commands and data exfiltration and leaves very few operational traces on the infected machine.

For persistence on the system, the malware adds a new value in the "Run" Registry key, with commands to execute a PowerShell script via "Cmd.exe." This same command was also seen in a 2021 Kaspersky report about APT37.
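As an added example (not code from the ASEC report or the article), the following Python check flags Run-key entries that match the persistence pattern described above: Cmd.exe used to launch a PowerShell script. The registry entries, value names and paths are constructed for illustration and are not real M2RAT indicators.

```python
import re

# Constructed sample Run-key entries (value name -> command data), standing in for
# an export of HKCU\...\CurrentVersion\Run. None of these are real M2RAT values.
SAMPLE_RUN_ENTRIES = {
    "OneDrive": r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "Updater": r'cmd.exe /c powershell.exe -w hidden -ep bypass -File C:\Users\alice\AppData\Roaming\update.ps1',
    "SecurityHealth": r'C:\Windows\system32\SecurityHealthSystray.exe',
    "svc": r'C:\Windows\System32\cmd.exe /c start /min powershell -NoP -Enc SQBFAFgA',
}

# cmd / powershell tokens, delimited by start, whitespace, a quote or a path separator
_CMD = re.compile(r'(^|[\\\s"])cmd(\.exe)?("|\s|$)', re.IGNORECASE)
_PS = re.compile(r'(^|[\\\s"])(powershell|pwsh)(\.exe)?("|\s|$)', re.IGNORECASE)
_SCRIPT = re.compile(r'-file\s+\S+\.ps1', re.IGNORECASE)

# PowerShell switches commonly paired with auto-start loaders; labels are ours
_FLAG_PATTERNS = [
    (re.compile(r"-w(?:indowstyle)?\s+hidden", re.IGNORECASE), "hidden window"),
    (re.compile(r"-e(?:nc(?:odedcommand)?)?\s", re.IGNORECASE), "encoded command"),
    (re.compile(r"-e(?:p|xecutionpolicy)\s+bypass", re.IGNORECASE), "execution policy bypass"),
    (re.compile(r"-nop(?:rofile)?\b", re.IGNORECASE), "profile skipped"),
]


def classify_run_entry(data: str) -> list:
    """Return the reasons a Run-key command line resembles the cmd.exe -> PowerShell
    launcher pattern; an empty list means nothing was flagged."""
    reasons = []
    has_ps = bool(_PS.search(data))
    if has_ps and _CMD.search(data):
        reasons.append("cmd.exe used to launch PowerShell")
    if has_ps and _SCRIPT.search(data):
        reasons.append("PowerShell invoked with a script file")
    for pattern, label in _FLAG_PATTERNS:
        if pattern.search(data):
            reasons.append("suspicious PowerShell flag: " + label)
    return reasons


def scan_run_entries(entries: dict) -> dict:
    """Map each flagged value name to its list of reasons; clean entries are omitted."""
    return {name: r for name, data in entries.items() if (r := classify_run_entry(data))}


if __name__ == "__main__":
    for name, reasons in scan_run_entries(SAMPLE_RUN_ENTRIES).items():
        print(f"{name}: {'; '.join(reasons)}")
```

On a live host the same function can be fed the output of `reg query` or an Autoruns export for both the HKCU and HKLM Run keys.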

Another interesting feature of M2RAT is that it uses a shared memory section for command and control communication, data exfiltration, and the direct transfer of stolen data to the C2 without storing it on the compromised system.

Using a memory section on the host for the above functions minimizes the exchange with the C2 and makes analysis harder, as security researchers have to analyze the memory of infected devices to retrieve the commands and data used by the malware.

News URL

https://www.bleepingcomputer.com/news/security/redeyes-hackers-use-new-malware-to-steal-data-from-windows-phones/