Security News > 2023 > May > New WinTapix.sys Malware Engages in Multi-Stage Attack Across Middle East
An unknown threat actor has been observed leveraging a malicious Windows kernel driver in attacks likely targeting the Middle East since at least May 2020.
A key security measure to mitigate against malicious drivers is Driver Signature Enforcement, which ensures that only drivers signed by Microsoft can be loaded on the system.
The tech giant also maintains driver block rules to protect against known vulnerable drivers.
Sys, on the other hand, comes with an invalid signature, indicating that the threat actor will have to first load a legitimate but vulnerable driver in order to launch WINTAPIX. UPCOMING WEBINAR. Zero Trust + Deception: Learn How to Outsmart Attackers!
The development comes as the ALPHV ransomware group has been observed taking advantage of a malicious signed driver to impair security defenses and escape detection for extended periods of time.
POORTRY is the name assigned to a Windows kernel driver that comes with capabilities to terminate security software.
News URL
https://thehackernews.com/2023/05/new-wintapixsys-malware-engages-in.html
Related news
- Silver Fox APT Uses Winos 4.0 Malware in Cyber Attacks Against Taiwanese Organizations (source)
- ⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More (source)
- Chinese FamousSparrow hackers deploy upgraded malware in attacks (source)
- Open-source malware doubles, data exfiltration attacks dominate (source)
- Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware (source)
- New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner (source)