Security News > 2024 > April > New Latrodectus malware attacks use Microsoft, Cloudflare themes
Latrodectus malware is now being distributed in phishing campaigns using Microsoft Azure and Cloudflare lures to appear legitimate while making it harder for email security platforms to detect the emails as malicious.
Latrodectus is an increasingly distributed Windows malware downloader, first discovered by Walmart's security team and later analyzed by Proofpoint and Team Cymru. It acts as a backdoor, downloading additional EXE and DLL payloads or executing commands.
Based on the distribution and infrastructure, researchers have linked the malware to the developers of the widely distributed IcedID modular malware loader.
As Latrodectus malware infections are used to drop other malware and for initial access to corporate networks, they can lead to devastating attacks.
Since Latrodectus is linked to IcedID, these attacks may lead to a wider range of malware in the future, such as Cobalt Strike, and we might also see partnerships with ransomware gangs.
New Latrodectus malware replaces IcedID in network breaches.