Ex-Conti members and FIN7 devs team up to push new Domino malware
2023-04-17 20:36

Ex-Conti ransomware members have teamed up with the FIN7 threat actors to distribute a new malware family named 'Domino' in attacks on corporate networks.

Domino is a relatively new malware family consisting of two components: a backdoor named 'Domino Backdoor', which in turn drops the second component, 'Domino Loader', which injects an info-stealing malware DLL into the memory of another process.

A new IBM report released Friday links the actual development of the Domino malware to the FIN7 hacking group - a cybercriminal outfit linked to a variety of malware and to the BlackBasta and DarkSide ransomware operations.

Since the fall of 2022, IBM researchers have been tracking attacks using a malware loader named 'Dave Loader' that is linked to former Conti ransomware and TrickBot members.

More recently, IBM says they have seen Dave Loader installing the new Domino malware family.

IBM has attributed the Domino malware family to FIN7 due to a great deal of code overlap with Lizar, a post-exploitation toolkit associated with FIN7.


News URL

https://www.bleepingcomputer.com/news/security/ex-conti-members-and-fin7-devs-team-up-to-push-new-domino-malware/