This new threat infects devices with a dozen malware at once
Cybersecurity researchers from Outpost24’s KrakenLabs observed a new and quite unique malware campaign that seems to values quantity over quality.
Usually, when hackers compromise a device, they deploy a single piece of malware and try their best to remain unseen and persistent, as they use the computer for whatever end goal they have.
But this new campaign, dubbed Unfurling Hemlock, does the exact opposite, making it stand out in the world of cybercrime. The researchers are saying that once the victim triggers the malware executable – in this case called ‘EXTRACT.EXE’ – they receive a handful of different malware, infostealers, and botnet executables.
Malware cluster bomb
The chances of the malware being picked up by cybersecurity solutions is high, but the researchers believe the attackers are hoping at least some of the payloads will survive the purge. Among the things dropped on the devices are Redline (popular infostealer), RisePro (an upcoming infostealer), Mystic Stealer (infostealing malware-as-a-service), Amadey (loader), SmokeLoader (another loader), Protection Disabler (a utility that disables Windows Defender and other security features), Enigma Packer (obfuscation tool), Healer (anti-security solution), and Performance Checker (a utility that checks and logs the performance of malware execution).
This “malware cluster bomb” was first spotted in February 2024, the researchers said, claiming to have seen more than 50,000 cluster bomb files, all with unique characteristics that link them back to Unfurling Hemlock.
KrakenLabs could not say with absolute certainty who the threat actors behind Unfurling Hemlock are, but they are fairly confident they are of Eastern European origin. Some of the evidence pointing in that direction is the use of Russian language in some of the samples, and the use of the Autonomous System 203727, related to a hosting service cybercrime groups in the region usually use.
Luckily enough, the malware being pushed through this campaign is well-known and most reputable antivirus programs will flag it.
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Via BleepingComputer
More from TechRadar Pro
Cybersecurity researchers from Outpost24’s KrakenLabs observed a new and quite unique malware campaign that seems to values quantity over quality. Usually, when hackers compromise a device, they deploy a single piece of malware and try their best to remain unseen and persistent, as they use the computer for whatever end…
Recent Posts
- This new threat infects devices with a dozen malware at once
- The Center for Investigative Reporting is suing OpenAI and Microsoft
- Deadpool & Wolverine’s latest trailer teases yet another X-villain cameo
- The first-gen Nomad Base One Max 3-in-1 MagSafe charger is $55 off
- Samsung might finally be about to deal with the Galaxy S24 Ultra’s biggest problem
Archives
- June 2024
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- December 2011