Malware, Threat Intelligence

New ASMCrypt malware loader detailed

Novel malware crypter and loader ASMCrypt has been developed by cybercriminals building upon the stealthy DoubleFinger malware loader, which was previously leveraged to facilitate GreetingGhoul cryptocurrency stealer deployment, according to The Hacker News. Execution of ASMCrypt enables communication with a backend service over the TOR network, allowing threat actors to customize payloads used in their attack campaigns, a report from Kaspersky showed. "The application creates an encrypted blob hidden inside a .PNG file. This image must be uploaded to an image hosting site," said Kaspersky. ASMCrypt's emergence comes amid the mounting prevalence of malware loaders in cyberattacks, including the return of the Bumblebee loader in a distribution campaign using Web Distributed Authoring and Versioning (WebDAV) that was discovered by Intel 471 researchers in August. Meanwhile, GuLoader was observed by Check Point researchers to have been used to deploy the Remcos RAT trojan as part of a partnership. "The individuals behind these services are deeply entwined within the cybercriminal community, leveraging their platforms to facilitate illegal activities and profit from the sale of malware-laden tools," said Check Point.
