Multi-stage malware deployed via ScrubCrypt crypter

Phishing attacks with the ScrubCrypt crypter and BatCloak malware obfuscation engine have been launched by threat actors to facilitate multi-stage malware infections, reports The Hacker News.

Intrusions commence with the delivery of invoice-themed phishing emails containing Scalable Vector Graphics (SVG) attachments, which, when clicked, trigger a ZIP archive with a BatCloak-based batch script and ScrubCrypt, which are used to evade security defenses before Venom RAT malware is executed, according to a report from Fortinet FortiGuard Labs.

Researchers noted that Venom RAT establishes a connection with a command-and-control server to enable the delivery of other plugins, including a version of the remote access trojan with keylogging features, as well as the Remcos RAT, NanoCore RAT, and XWorm payloads.

"This analysis reveals a sophisticated attack leveraging multiple layers of obfuscation and evasion techniques to distribute and execute VenomRAT via ScrubCrypt… Furthermore, deploying plugins through different payloads highlights the versatility and adaptability of the attack campaign," said researcher Cara Lin.
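For defenders, the delivery stage described above (invoice-themed emails carrying SVG attachments) can be triaged at the mail gateway. The following is an added example, not code from the Fortinet report or from SC Media: it parses a raw message, finds SVG attachments even when the declared MIME type or file name hides them, and records generic signs of active or embedded content. The lure keywords, the active-content patterns and the sample message are assumptions made for illustration; the report summary does not say how the SVG triggers the ZIP archive.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

LURE_RE = re.compile(r"invoice|payment|remittance", re.I)  # assumed lure keywords
# Generic signs of active or embedded content in SVG (assumed heuristic, not from the report)
ACTIVE_RE = re.compile(rb"<script|<foreignObject|\son\w+\s*=|data:[\w/+.-]+;base64,", re.I)

def is_svg(part):
    """Treat a part as SVG by declared type, file name, or content sniffing."""
    name = (part.get_filename() or "").lower()
    body = part.get_payload(decode=True) or b""
    return (part.get_content_type() == "image/svg+xml"
            or name.endswith(".svg")
            or b"<svg" in body[:2048].lower())

def triage(raw_eml):
    """Return one finding per SVG attachment in a raw RFC 5322 message."""
    msg = message_from_bytes(raw_eml, policy=policy.default)
    subject = str(msg["Subject"] or "")
    findings = []
    for part in msg.iter_attachments():
        if not is_svg(part):
            continue
        name = part.get_filename() or ""
        body = part.get_payload(decode=True) or b""
        findings.append({
            "filename": name,
            "declared_type": part.get_content_type(),
            "type_mismatch": part.get_content_type() != "image/svg+xml",
            "active_content": bool(ACTIVE_RE.search(body)),
            "invoice_lure": bool(LURE_RE.search(subject + " " + name)),
        })
    return findings

def build_sample(subject, filename, data, subtype):
    """Constructed test message; addresses and contents are made up."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "billing@example.test", "ap@example.test", subject
    m.set_content("Please see the attached document.")
    maintype = "image" if subtype == "svg+xml" else "application"
    m.add_attachment(data, maintype=maintype, subtype=subtype, filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    svg = b'<svg xmlns="http://www.w3.org/2000/svg"><script>/* placeholder */</script></svg>'
    for f in triage(build_sample("Invoice 0001 overdue", "INV-0001.svg", svg, "octet-stream")):
        print(f)
```

A finding that combines `invoice_lure`, `type_mismatch` and `active_content` is a reasonable candidate for quarantine or analyst review; any single flag on its own will produce false positives.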