App virtualization tool BoxedApp has been increasingly leveraged to facilitate the distribution of malicious payloads while bypassing static analysis during the past year, with threat actors particularly exploiting the tool's virtual storage, virtual processes, and virtual registry features, The Register reports.
Agent Tesla, QuasarRAT, AsyncRAT, and other remote access trojans accounted for the majority of the backdoors deployed via BoxedApp, which was also used to spread information-stealing malware and ransomware strains, according to a Check Point Research report.
Meanwhile, most of the malicious BoxedApp samples submitted to VirusTotal were uploaded from Turkey, the U.S., and Germany. Such findings have prompted application security expert Sean Wright to discourage the use of BoxedApp-packaged applications within organizations.
"If you need to use these types of applications, look to leveraging controls such as signing of these applications, which as [Check Point Research's] writeup indicates can also help reduce the false positive rates," Wright said.
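The signing control Wright refers to is only useful if something actually checks for a signature before a packaged binary is allowed to run or is escalated for review. The following is an added example, not code from Check Point Research, BoxedApp, or Wright: a dependency-free Python parser that walks a PE header to the Certificate Table (data directory slot 4) and reports whether an Authenticode WIN_CERTIFICATE blob is attached. It handles both PE32 and PE32+ headers and the common failure modes a triage script meets (missing slot, zeroed entry, a table that points past the end of the file). Presence of the table is a pre-check only; cryptographic verification of the chain and file hash is left to signtool, Get-AuthenticodeSignature, or equivalent. The `build_min_pe` helper constructs synthetic, non-runnable PE headers purely as test input, and the PKCS#7 bytes it embeds are a constructed placeholder.

```python
import struct
from typing import Optional

# Data directory slot that holds the Authenticode certificate table.
IMAGE_DIRECTORY_ENTRY_SECURITY = 4
# WIN_CERTIFICATE.wCertificateType for a PKCS#7 SignedData blob.
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002
WIN_CERT_REVISION_2_0 = 0x0200


def authenticode_status(pe: bytes) -> dict:
    """Locate the certificate table of a PE image and describe what is there.

    Returns a dict with 'present' (bool) and, when a table exists, its file
    'offset', 'length', 'revision' and 'cert_type'. This only confirms that a
    signature blob is attached; it does not verify the signature itself.
    """
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER (20 bytes)
    opt = coff + 20                          # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == 0x10B:                       # PE32
        nrva_off, dir_off = opt + 92, opt + 96
    elif magic == 0x20B:                     # PE32+
        nrva_off, dir_off = opt + 108, opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    n_dirs = struct.unpack_from("<I", pe, nrva_off)[0]
    if n_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return {"present": False, "reason": "no certificate table slot"}
    entry = dir_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    # For this slot the first field is a raw file offset, not an RVA.
    sec_off, sec_len = struct.unpack_from("<II", pe, entry)
    if sec_off == 0 or sec_len == 0:
        return {"present": False, "reason": "unsigned"}
    if sec_len < 8 or sec_off + sec_len > len(pe):
        return {"present": False, "reason": "truncated"}
    dw_length, revision, cert_type = struct.unpack_from("<IHH", pe, sec_off)
    if dw_length > sec_len:
        return {"present": False, "reason": "truncated"}
    return {"present": True, "offset": sec_off, "length": sec_len,
            "revision": revision, "cert_type": cert_type}


def make_win_certificate(pkcs7: bytes) -> bytes:
    """Wrap a PKCS#7 body in a WIN_CERTIFICATE header (dwLength, wRevision, wCertificateType)."""
    return struct.pack("<IHH", 8 + len(pkcs7), WIN_CERT_REVISION_2_0,
                       WIN_CERT_TYPE_PKCS_SIGNED_DATA) + pkcs7


def build_min_pe(cert_table: Optional[bytes]) -> bytes:
    """Construct a minimal PE32 header (no sections, not runnable) as test input.

    When cert_table is given it is appended after the headers and the
    security directory entry is pointed at it, as a signed file would be.
    """
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 96 + 16 * 8                   # PE32 optional header, 16 directories
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, opt_size, 0x0102)
    header_end = e_lfanew + 4 + 20 + opt_size
    dirs = [(0, 0)] * 16
    if cert_table:
        dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (header_end, len(cert_table))
    opt = struct.pack("<H", 0x10B) + b"\0" * 90 + struct.pack("<I", 16)
    opt += b"".join(struct.pack("<II", off, size) for off, size in dirs)
    return dos + b"PE\0\0" + coff + opt + (cert_table or b"")


if __name__ == "__main__":
    unsigned = build_min_pe(None)
    # Constructed placeholder bytes standing in for a real PKCS#7 SignedData body.
    signed = build_min_pe(make_win_certificate(b"\x30\x82" + b"\0" * 30))
    for name, img in (("unsigned", unsigned), ("signed", signed),
                      ("truncated", signed[:-4])):
        print(name, authenticode_status(img))
```

In an allow-listing or triage pipeline the useful outcomes are the negative ones: a BoxedApp-style packaged binary with no certificate table, or with a table that does not fit inside the file, should be held for review rather than trusted, and a file whose table is present should go on to full chain and hash verification before it is treated as signed.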