
Novel malware distribution techniques leveraged by hackers

North Korean advanced persistent threat group APT37, also known as Reaper, RedEyes, Scarcruft, and Ricochet Chollima, is leveraging numerous file formats to distribute malware, reports The Hacker News. ASEC initially reported APT37 using HWP files to deploy the M2RAT backdoor; Zscaler researchers have since found the group also distributing malware through macro-based Microsoft Office documents, as well as Microsoft Compiled HTML Help (CHM), LNK, HTA, and XLL files. These lures have been used to deploy the Chinotto malware, which has been updated to capture screenshots and log keystrokes, with the collected data exfiltrated to a remote server, according to the Zscaler report. The researchers also noted that some of APT37's malicious activity evaded detection for more than two years. "The group is constantly evolving its tools, techniques, and procedures while experimenting with new file formats and methods to bypass security vendors," said researchers.
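The practical takeaway is that the formats listed above are the delivery vehicle, so attachment triage should identify them by content rather than by extension. The following Python is an added example (not code from the Zscaler or ASEC reports) that classifies files by magic bytes or package structure and flags both the lure formats named in the brief and any mismatch between a file's extension and its real content. The signatures come from the public format specifications; the sample files, the `EXPECTED_KIND` policy table and the `triage` helper are constructed for this example.

```python
import io
import os
import zipfile

# File-type signatures from the public format specifications (not from the reports).
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"        # CFB container: .doc/.xls, HWP 5.x
CHM_MAGIC = b"ITSF"                                    # Microsoft Compiled HTML Help
LNK_MAGIC = (b"\x4c\x00\x00\x00"                       # ShellLinkHeader.HeaderSize = 0x4C
             b"\x01\x14\x02\x00\x00\x00\x00\x00\xc0\x00\x00\x00\x00\x00\x00\x46")  # LinkCLSID
PE_MAGIC = b"MZ"                                       # XLL add-ins are PE DLLs
ZIP_MAGIC = b"PK\x03\x04"                              # OOXML (.docx/.docm/.xlsx/.xlsm)

# Content types the brief names as APT37 delivery vehicles; flagged whatever the extension says.
DELIVERY_KINDS = {"chm", "lnk", "html-script", "pe", "ooxml-macro", "ole"}
# Hypothetical policy table: which content type each extension is expected to carry.
EXPECTED_KIND = {".chm": "chm", ".lnk": "lnk", ".hta": "html-script", ".xll": "pe",
                 ".docm": "ooxml-macro", ".xlsm": "ooxml-macro",
                 ".docx": "ooxml", ".xlsx": "ooxml",
                 ".doc": "ole", ".xls": "ole", ".hwp": "ole",   # assumes HWP 5.x (CFB-based)
                 ".pdf": "pdf", ".txt": "text"}


def classify(data: bytes) -> str:
    """Return a content-type label derived from the bytes, never from the file name."""
    if data.startswith(CHM_MAGIC):
        return "chm"
    if data.startswith(LNK_MAGIC):
        return "lnk"
    if data.startswith(OLE_MAGIC):
        return "ole"
    if data.startswith(PE_MAGIC):
        return "pe"
    if data.startswith(b"%PDF"):
        return "pdf"
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                names = [n.lower() for n in z.namelist()]
        except zipfile.BadZipFile:
            return "zip"
        # A VBA project part inside an OOXML package means the document carries macros.
        if any(n.endswith("vbaproject.bin") for n in names):
            return "ooxml-macro"
        return "ooxml"
    head = data[:1024].lower()
    # An HTA is plain HTML text with script; mshta.exe executes it outside the browser sandbox.
    if b"<hta:application" in head or (b"<script" in head and b"<html" in head):
        return "html-script"
    if data and all(32 <= b < 127 or b in b"\r\n\t" for b in data[:256]):
        return "text"
    return "unknown"


def triage(filename: str, data: bytes) -> dict:
    """Flag lure formats and extension/content mismatches for one attachment."""
    kind = classify(data)
    ext = os.path.splitext(filename)[1].lower()
    reasons = []
    if kind in DELIVERY_KINDS:
        reasons.append(f"content type {kind} is an executable or macro-bearing lure format")
    expected = EXPECTED_KIND.get(ext)
    if expected is not None and expected != kind:
        reasons.append(f"extension {ext} expects {expected} but content is {kind}")
    return {"file": filename, "kind": kind, "flagged": bool(reasons), "reasons": reasons}


def _make_macro_docm() -> bytes:
    """Constructed minimal OOXML package containing a VBA project part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        z.writestr("word/vbaProject.bin", OLE_MAGIC + b"\x00" * 16)
    return buf.getvalue()


# Constructed stand-ins for the lure formats named in the brief (not real samples).
SAMPLES = {
    "help.chm": CHM_MAGIC + b"\x03\x00\x00\x00" + b"\x00" * 60,
    "report.pdf.lnk": LNK_MAGIC + b"\x00" * 60,
    "invoice.docm": _make_macro_docm(),
    "invoice.pdf": PE_MAGIC + b"\x90\x00\x03\x00" + b"\x00" * 60,   # an XLL/DLL renamed to .pdf
    "notice.hta": b'<html><head><hta:application id="x"></head><body><script>/* ... */</script></body></html>',
    "readme.txt": b"Nothing to see here.\n",
}


def run_triage(samples=SAMPLES) -> dict:
    return {name: triage(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for r in run_triage().values():
        print(("FLAG " if r["flagged"] else "ok   ") + r["file"], r["kind"], "; ".join(r["reasons"]))
```

The renamed XLL (`invoice.pdf`) is the case extension-based filters miss entirely: it is flagged twice here, once because its content is a PE image and once because a `.pdf` should not be one. The HTA check is deliberately broad (any HTML carrying script) and will also flag ordinary HTML attachments, which is the conservative choice at a mail gateway.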
