September 27, 2023

The DOD and DHS have released a joint security advisory regarding a new malware dubbed “SlothfulMedia”, which is beeing used in ongoing attacks.

SlothfulMedia is an information-stealer capable of logging keystrokes of victims and modifying files, which “has been used by a sophisticated cyber actor.” The two agencies did not reveal the name of the threat actor in question.

The report also does not mention the scope of the attacks, or targeted countries, but, the malicious campaign has been aimed at targets in India, Kazakhstan, Kyrgyzstan, Malaysia, Russia and Ukraine.

The SlothfulMedia malware deploys two files when executed. The first file is a remote access tool (RAT) named mediaplayer.exe, which is designed for command and control (C2) of victim computer systems. The RAT is able to to terminate processes, run arbitrary commands, take screen shots, modify the registry, and modify files on victim machines. It communicates with its command and control server using Hypertext Transfer Protocol (HTTP) over Transmission Control Protocol (TCP).

The second file deletes the dropper after the RAT gains persistence on the victim system using the “Task Frame” service, which ensures that the RAT is loaded after reboot.

They uploaded the malware sample to the malware-sharing repository on VirusTotal.

Tags:

Leave a Reply

You may have missed

BORN Canada latest victim of MoveIT data breach

September 27, 2023

Hardware Supply Chain Risk Assessment from CISA

September 27, 2023

Sony attack – Ransomed.vc claims responsibility

September 26, 2023

Chrome Zeroday – CVE-2023-4863 PoC Exploit Released

September 25, 2023

BlackCat adds Clarion to its Victim list

September 24, 2023

TheCyberThrone Security Week In Review – September 23, 2023

September 24, 2023
%d bloggers like this: