Security News > 2023 > May > New WinTapix.sys Malware Engages in Multi-Stage Attack Across Middle East
An unknown threat actor has been observed leveraging a malicious Windows kernel driver in attacks likely targeting the Middle East since at least May 2020.
A key security measure to mitigate against malicious drivers is Driver Signature Enforcement, which ensures that only drivers signed by Microsoft can be loaded on the system.
The tech giant also maintains driver block rules to protect against known vulnerable drivers.
Sys, on the other hand, comes with an invalid signature, indicating that the threat actor will have to first load a legitimate but vulnerable driver in order to launch WINTAPIX. UPCOMING WEBINAR. Zero Trust + Deception: Learn How to Outsmart Attackers!
The development comes as the ALPHV ransomware group has been observed taking advantage of a malicious signed driver to impair security defenses and escape detection for extended periods of time.
POORTRY is the name assigned to a Windows kernel driver that comes with capabilities to terminate security software.
News URL
https://thehackernews.com/2023/05/new-wintapixsys-malware-engages-in.html
Related news
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)
- SideWinder APT Strikes Middle East and Africa With Stealthy Multi-Stage Attack (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)