Updated BLISTER malware loader leveraged in SocGholish infections

Threat actors have launched new SocGholish infection chains that use an updated BLISTER malware loader to deliver Mythic, an open-source command-and-control framework, The Hacker News reports. According to an Elastic Security Labs report, the updated loader's new keying feature lets it target victim networks more precisely while reducing its exposure in virtual machine and sandbox environments. Palo Alto Networks Unit 42 previously reported Mythic being distributed through SocGholish and BLISTER in attacks that embedded the loader into the VLC Media Player library to compromise environments stealthily. Red Canary and Trend Micro also reported last year that BLISTER was used to deploy Cobalt Strike and LockBit ransomware. "BLISTER is a loader that continues to stay under the radar, actively being used to load a variety of malware including clipbankers, information stealers, trojans, ransomware, and shellcode," Elastic said in an April report.
