Malicious use of BoxedApp tool on the rise

Over the past year, app virtualization tool BoxedApp has been increasingly leveraged to distribute malicious payloads while bypassing static analysis, with threat actors particularly exploiting the tool's virtual storage, virtual processes, and virtual registry features, The Register reports.

Agent Tesla, QuasarRAT, AsyncRAT, and other remote access trojans accounted for the majority of the backdoors deployed via BoxedApp, which was also used to spread information-stealing malware and ransomware strains, according to a Check Point Research report.

Meanwhile, most of the malicious BoxedApp samples submitted to VirusTotal were from Turkey, the U.S., and Germany. Such findings have prompted application security expert Sean Wright to discourage the utilization of BoxedApp apps within organizations.

"If you need to use these types of applications, look to leveraging controls such as signing of these applications, which as [Check Point Research's] writeup indicates can also help reduce the false positive rates," Wright said.
