Malwarebytes has discovered a new cyberattack modus operandi that has hackers incorporating legitimate apps into their malware to make it stronger and accomplish specific tasks.
Although the cybersecurity firm did not name the malware used as an example in its report, the company did note that this hacking methodology is representative of what is happening in the wild and becoming more prevalent.
The example used by Malwarebytes recently found a banking trojan that once installed on the victims machines downloaded FFmpeg, a free software that produces libraries and programs for handling multimedia data. This ability, along with several others already included in the malware, allows the hacker to not only grab screenshots, but full video of the victim's computer.
Essentially, once the malware recognizes that the computer is on a banking site it turns on its various capture capabilities to grab login credentials and other personal data. The malware itself is unsophisticated, easily defeated and poorly obfuscated, but Malwarebytes warns that despite these shortcomings it is highly capable of spying and even backdooring the victim's computer.
This malware is prepared by an unsophisticated actor, Malwarebytes said. Neither the binary nor the communication protocol is well obfuscated. The used packer is well-known and easy to defeat. However, the malware is rich in features and it seems to be actively maintained. It's capabilities of spying on the victim and backdooring the attacked machine should not be taken lightly because even a simple threat actor can cause a lot of damage when neglected.
