An unknown threat actor has been observed leveraging a malicious Windows kernel driver in attacks likely targeting the Middle East since at least May 2020.
A key security measure that mitigates malicious drivers is Driver Signature Enforcement, which ensures that only drivers signed by Microsoft can be loaded on the system.
The tech giant also maintains driver block rules to protect against known vulnerable drivers.
WinTapix.sys, on the other hand, comes with an invalid signature, indicating that the threat actor will have to first load a legitimate but vulnerable driver in order to launch WINTAPIX.
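The two sentences above describe the defensive mechanism (Driver Signature Enforcement plus Microsoft's vulnerable-driver block rules) and the bring-your-own-vulnerable-driver step that WinTapix.sys depends on. The following PowerShell script is an added triage example, not code from the article or from any vendor it cites: it enumerates the kernel drivers registered on a Windows host, verifies each file's Authenticode signature, hashes it, and reports whether HVCI (which enforces the Microsoft vulnerable driver blocklist) is running. It assumes it is run elevated in Windows PowerShell 5.1 on Windows 10/11; the `Win32_SystemDriver` and `Win32_DeviceGuard` CIM classes and the `Get-AuthenticodeSignature` cmdlet are built in, while the function names are ours.

```powershell
# Added example (not from the article): report kernel drivers whose signature does not verify,
# and whether HVCI / the Microsoft vulnerable driver blocklist is enforced.
# Assumes: elevated Windows PowerShell 5.1 on Windows 10/11.

function Resolve-DriverPath {
    # Win32_SystemDriver.PathName comes in several shapes; normalise to a filesystem path.
    param([string]$PathName)
    $p = $PathName -replace '^\\\?\?\\', ''                       # strip the \??\ prefix
    if ($p -match '^\\SystemRoot\\(.*)$') {                       # \SystemRoot\System32\drivers\x.sys
        $p = Join-Path $env:SystemRoot $Matches[1]
    } elseif ($p -match '^(System32|SysWOW64)\\') {               # System32\drivers\x.sys
        $p = Join-Path $env:SystemRoot $p
    }
    return $p
}

function Get-DriverSignatureReport {
    # One record per registered driver whose image file exists on disk.
    foreach ($d in Get-CimInstance -ClassName Win32_SystemDriver) {
        if (-not $d.PathName) { continue }
        $path = Resolve-DriverPath $d.PathName
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $sig = Get-AuthenticodeSignature -FilePath $path
        [pscustomobject]@{
            Name          = $d.Name
            State         = $d.State            # Running / Stopped
            StartMode     = $d.StartMode
            Path          = $path
            Status        = $sig.Status         # Valid, NotSigned, HashMismatch, UnknownError, ...
            SignatureType = $sig.SignatureType  # Authenticode (embedded), Catalog, or None
            Signer        = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            SHA256        = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        }
    }
}

function Get-HvciStatus {
    # SecurityServicesRunning contains 2 when Hypervisor-enforced Code Integrity is active;
    # HVCI is one of the ways the Microsoft vulnerable driver blocklist is enforced.
    $dg = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard
    return [bool]($dg.SecurityServicesRunning -contains 2)
}

$report = Get-DriverSignatureReport

# Drivers that fail verification, with running ones first: these are the files to triage.
$report |
    Where-Object { $_.Status -ne 'Valid' } |
    Sort-Object @{ Expression = { $_.State -eq 'Running' }; Descending = $true }, Name |
    Format-Table Name, State, StartMode, Status, SignatureType, Path -AutoSize

# Running drivers with a valid embedded (non-catalog) signature: typical third-party driver
# population to compare against Microsoft's published vulnerable driver block list.
$report |
    Where-Object { $_.State -eq 'Running' -and $_.SignatureType -eq 'Authenticode' } |
    Format-Table Name, Signer, SHA256 -AutoSize

"HVCI running: $(Get-HvciStatus)"
```

Inbox Windows drivers are catalog-signed, so they should show `SignatureType` of `Catalog` with `Status` `Valid`; if they instead appear as `NotSigned`, the host's catalog lookup is not being consulted (this happens in some PowerShell 7 builds), so rerun under Windows PowerShell 5.1 before treating the result as a finding. The SHA256 column is what you would compare against Microsoft's vulnerable driver block list and against your EDR's hash reputation; a signed, legitimately named driver that is on that list is exactly the loader an unsigned payload like WinTapix.sys needs, and `HVCI running: False` means the blocklist is not being enforced at load time.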
The development comes as the ALPHV ransomware group has been observed taking advantage of a malicious signed driver to impair security defenses and escape detection for extended periods of time.
POORTRY is the name assigned to a Windows kernel driver that comes with capabilities to terminate security software.
News URL
https://thehackernews.com/2023/05/new-wintapixsys-malware-engages-in.html