Ransomware, Threat Management

Antivirus protections evaded by novel AvosLocker ransomware variant

AvosLocker ransomware was discovered by Trend Micro researchers to have a new variant that could facilitate antivirus system deactivation and evade detection, The Hacker News reports. "This is the first sample we observed from the U.S. with the capability to disable a defense solution using a legitimate Avast Anti-Rootkit Driver file (asWarPot.sys). In addition, the ransomware is also capable of scanning multiple endpoints for the Log4j vulnerability (Log4shell) using Nmap NSE script," wrote Trend Micro researchers Alvin Nieto and Christopher Ordonez. Most attacks by AvosLocker between July 2021 and February 2022 have been targeted at the food and beverage industry, followed by organizations in the technology, finance, telecom, and media sectors. The report noted that a Zoho ManageEngine ADSelfService Plus software remote code execution flaw exploit was leveraged to initiate the attack. "The HTA executed an obfuscated PowerShell script that contains a shellcode, capable of connecting back to the [command-and-control] server to execute arbitrary commands," researchers said.
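Two behaviours in the report are straightforward to watch for in endpoint telemetry: a legitimate but abused AV driver (asWarPot.sys) being loaded, and an HTA host spawning PowerShell. The following detection sketch is an added example, not code from Trend Micro or SC Media; it runs over constructed Sysmon-style records (EventID 6 driver load, EventID 1 process create) with placeholder host names and paths, and assumes the HTA was run by mshta.exe, which the report does not state explicitly.

```python
"""Flag driver-load and process-creation events matching the reported chain."""
from __future__ import annotations
from typing import Iterable

# Legitimate signed driver the report says was abused to disable defences.
ABUSED_DRIVERS = {"aswarpot.sys"}
# Assumption: the HTA ran under mshta.exe; the report only says "the HTA executed".
HTA_HOSTS = {"mshta.exe"}
SHELLS = {"powershell.exe", "pwsh.exe"}


def _basename(path: str) -> str:
    """Case-insensitive file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect(events: Iterable[dict]) -> list[str]:
    """Return one alert string per suspicious event, in input order."""
    alerts = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == 6 and _basename(ev.get("ImageLoaded", "")) in ABUSED_DRIVERS:
            alerts.append(f"{ev['Computer']}: abused AV driver loaded "
                          f"{ev['ImageLoaded']} (possible defence-evasion via signed driver)")
        elif eid == 1:
            parent = _basename(ev.get("ParentImage", ""))
            child = _basename(ev.get("Image", ""))
            if parent in HTA_HOSTS and child in SHELLS:
                alerts.append(f"{ev['Computer']}: {parent} spawned {child} "
                              f"(HTA-launched PowerShell)")
    return alerts


# Constructed sample telemetry: placeholder host names and paths, not real IoCs.
SAMPLE_EVENTS = [
    {"EventID": 1, "Computer": "WS01", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\notepad.exe"},
    {"EventID": 1, "Computer": "WS01", "ParentImage": r"C:\Windows\System32\mshta.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"EventID": 6, "Computer": "WS01", "ImageLoaded": r"C:\Users\Public\asWarPot.sys"},
    {"EventID": 6, "Computer": "WS01", "ImageLoaded": r"C:\Windows\System32\drivers\disk.sys"},
]

if __name__ == "__main__":
    for line in detect(SAMPLE_EVENTS):
        print(line)
```

The driver check matches on file name only, so a benign Avast install will also trigger it; in practice, pair it with the load path (outside the vendor's install directory) or with the absence of the Avast product on the host.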
