Security experts from Carbon Black have spotted a new Adware campaign leveraging on very sophisticated obfuscation techniques.
The Adware campaign was used by crooks to spread ransomware and according to the malware researchers using tactics to similarities to the nation-state attack known as Operation Aurora.
“Just for fun, I asked my customer to the run the query: cmdline:copy AND cmdline:/b. Cb Response showed they had three hits. I bolted upright in my chair. Three years ago, I stumbled upon this attack vector and I’d never seen it since… until last week.” continues the report.
“As we began to triage the event, we began to see .dat files being joined to form all sorts of unusual file types including .txt, .png, .log, .ico, & .dll files. It was highly irregular”
“So, now for the ‘stranger’ part. As we began to walk backward up the process tree, we began noticing that the parent processes launching these rather advanced obfuscation techniques were ‘routine’ adware, flagged multiple times by Virus Total.”
The experts from Carbon Black received other similar support requests from their customers that experienced the same attack. According to the malware researchers, the victims from several industries were targeted by variants of adware used to deliver the Enigma ransomware.
According to the lead of the Advanced Consulting Team for Carbon Black, Benjamin Tedesco, the obfuscation techniques borrowed by the Operation Aurora were able to easily evade sandboxing and other detection mechanisms.
Once compromised the target machine, the malware used in the campaign was able to drop more payloads to perform other malicious activities.
This campaign is the demonstration that even behind an adware campaign, it is possible to find a very sophisticated threat.
(Security Affairs – Adware, Hacking)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.