The cybersecurity landscape is marked by sophisticated malware strains designed to harvest sensitive data, get a foothold on company networks, and generally wreak havoc.
A new report from ReliaQuest examines five malware variants that have recently impacted the threat landscape or may do so in the near future: “LummaC2,” Rust-based stealers, “SocGholish,” “AsyncRAT,” and “Oyster.”
ReliaQuest’s Threat Research team analyzed customer incident data, external industry reporting, and cybercriminal forums to identify the most pressing malware threats that warrant proactive responses from customers due to their past use, anticipated future deployment, interest on the dark web, and ability to bypass defenses and execute successfully.
These malware variants pose significant risks to entities in all sectors and regions, says ReliaQuest. Let’s take a closer look:
LummaC2: The Infostealer Powerhouse
LummaC2, an information-stealing malware, has soared in popularity among threat actors since its debut on criminal forums in December 2022. Capable of exfiltrating data from multiple browsers and cryptocurrency wallets, LummaC2 is a dangerous tool in the hands of attackers. Its ability to bypass antivirus software and employ unconventional distribution tactics, such as trojanized software and fake updates, makes it a persistent threat.
Recent activity has shown a significant increase in LummaC2-related incidents, with attackers leveraging fake websites and phishing campaigns to deploy the malware across various regions.
Rust-Based Stealers: The New Frontier
Rust-based stealers, including Fickle Stealer and Rusty Stealer, are gaining traction thanks to their ability to slip through the security nets undetected. Rust, a compiled language, allows malware to execute quickly and cross platforms, making it a favorite among malefactors.
These stealers often masquerade as legitimate software, duping users into downloading them. Once executed, they harvest credentials and other sensitive information, which is then sold on underground criminal forums.
SocGholish: The Silent Infiltrator
SocGholish, also known as FakeUpdates, is a remote access trojan (RAT) that disguises itself as a browser update. This malware is particularly insidious because it can infect high-ranking websites, and make them appear like the real McCoy to unsuspecting users.
Operated by the initial access broker Mustard Tempest, SocGholish has been linked to high-impact ransomware attacks, including those conducted by the RansomHub group. SocGholish continues to evolve, with recent campaigns using Python to establish persistence and evade detection.
AsyncRAT: The Persistent Threat
Active since 2018, AsyncRAT is a versatile RAT that allows attackers to monitor and control compromised systems remotely. Its prevalence in critical incidents has made it a significant threat to organizations across industries.
AsyncRAT is distributed through phishing campaigns and malvertising, often in conjunction with other malicious tools. Its open-source nature and continued development by threat actors ensure its ongoing use in increasingly sophisticated attacks.
Oyster: The Stealthy Backdoor
Oyster, first identified in September 2023, is a backdoor malware that uses fake websites to trick users into downloading what appears to be legitimate software. Once executed, Oyster establishes a connection to the attacker’s command-and-control server, enabling remote sessions and file transfers. Its ability to persist on a system using PowerShell makes it a particularly stealthy threat, with the potential to go undetected for extended periods.
Recommendations for Mitigation
To protect against emerging threats, entities should implement strict security measures, such as restricting the storage of passwords in web browsers, enforcing application control policies, and blocking suspicious email attachments. Additionally, using tools like GreyMatter Automated Response Plays can help detect and respond to these threats quickly, minimizing the potential for damage.
As bad actors continue to develop and deploy new malware variants, staying informed and proactive is key to safeguarding sensitive information and maintaining the integrity of company networks.
To read the full report, click here.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.