December 9, 2023

A cybercrime group tracked as TA543 is deploying a new variant of a malware loader dubbed JSSLOADER to target victims as part of a phishing campaign. The malware is often dropped as a first or second stage malware to target victims this include the malware being complied in C++ programming language earlier was in .Net

The TA543’s campaign using the new loader began on June 8 with the attackers sending malicious phishing emails that appear to come from the United Parcel Service. The emails notified the victims that they have an undelivered parcel due to a wrong address. The links within these emails then directed the victims to a landing page that contains a Windows Scripting File hosted on SharePoint. If executed, it downloaded an intermediate script, which then downloaded and executed the C++ version of JSSLoader

Similar Campaign

Proofpoint says attackers generally deploy new malware loader variants or tweak the existing ones as means to avoid detection.

Proofpoint uncovered a campaign that deployed a version of the Buer first-stage malware loader that was rewritten in the Rust programming language which was capable of exfiltrating sensitive information.

A report by security firm Cisco Talos in March described how ransomware groups are deploying Trojan loaders to as part of phishing campaigns

Russian hacking group Turla deployed an IronPython-based malware loader called “IronNetInjector” as part of a new campaign, Palo Alto’s Unit42 reported

Tags:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

Apache Struts fixes Critical Vulnerability – CVE-2023-50164

December 8, 2023

Meta enables Messenger with E2EE by Default

December 8, 2023 2

CISA KEV Update Part II – December 2023

December 7, 2023

Atlassian fixes critical RCE vulnerabilities in its products

December 6, 2023

Microsoft Echo’s on APT 28 exploiting CVE-2023-23397

December 5, 2023

Papercut Privilege Escalation Vulnerability Unearthed

December 5, 2023
%d