
Xloader Returns with New Infection Technique

Xloader is a rebranded version of the Formbook stealer; according to Cyble Research Labs and Nmtw, it uses steganography to hide its malicious content in a bitmap file.

The malware has targeted insecure network shares, such as those on office networks, but with its new infection technique it can now attack Windows machines even when they are offline.

The new technique is an old idea that normally relies on spam email attachments to spread malware. When Xloader's creators could no longer deliver malicious email attachments because of spam-blacklisting software, they turned to steganography instead. Steganography hides files or data inside a digital image so it can be sent without exposing the content and potentially alerting recipients to its presence.

This approach is effective for malware delivery, since it conceals the malicious content inside what looks like an ordinary image attachment.
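The page does not say how Xloader embeds its payload in the bitmap, so the following added example (not code from the article, Cyble or Nmtw) shows the two checks an analyst would run first on a suspect BMP: does the file carry bytes beyond the pixel array that the header declares, and does an unencrypted PE image sit anywhere inside the file. The sample image and the "executable" stub are constructed here; a payload hidden bit-by-bit in the pixel values or encrypted before embedding would need entropy or pixel-plane analysis that this check does not perform.

```python
import math
import struct


def build_bmp(width, height, payload=b""):
    """Build a minimal 24-bit BMP (constructed sample, not a real Xloader artifact).

    When `payload` is given it is appended after the pixel array, the simplest
    way to hide a file in an image: viewers render the pixels and ignore the rest.
    """
    row_bytes = (width * 3 + 3) & ~3            # rows are padded to 4 bytes
    pixel_size = row_bytes * height
    pixel_offset = 14 + 40                        # BITMAPFILEHEADER + BITMAPINFOHEADER
    file_size = pixel_offset + pixel_size         # header does not account for the payload
    header = b"BM" + struct.pack("<IHHI", file_size, 0, 0, pixel_offset)
    dib = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0, pixel_size,
                      2835, 2835, 0, 0)
    pixels = bytes((x * 7 + y * 13) % 256 for y in range(height) for x in range(row_bytes))
    return header + dib + pixels + payload


def fake_pe_stub(extra=b""):
    """Constructed stand-in for an executable: a DOS header whose e_lfanew field
    points at a PE signature. It is not a working binary."""
    hdr = bytearray(0x40)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)       # e_lfanew -> offset of "PE\0\0"
    return bytes(hdr) + b"PE\0\0" + extra


def shannon_entropy(data):
    """Bits per byte; ~8.0 suggests compressed or encrypted content."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def inspect_bmp(data):
    """Compare the pixel-array size declared by the BMP headers with the real file
    length and report anything that trails it."""
    if len(data) < 54 or data[:2] != b"BM":
        raise ValueError("not a BMP file")
    file_size, _, _, pixel_offset = struct.unpack_from("<IHHI", data, 2)
    _, width, height, _, bpp = struct.unpack_from("<IiiHH", data, 14)
    compression, image_size = struct.unpack_from("<II", data, 30)
    row_bytes = ((width * bpp + 31) // 32) * 4
    # For uncompressed images the pixel array size follows from the geometry;
    # for compressed ones the header's biSizeImage field is authoritative.
    expected_pixels = row_bytes * abs(height) if compression == 0 else image_size
    expected_end = pixel_offset + expected_pixels
    trailing = data[expected_end:]
    return {
        "declared_size": file_size,
        "actual_size": len(data),
        "expected_end": expected_end,
        "trailing_bytes": len(trailing),
        "trailing_entropy": round(shannon_entropy(trailing), 2),
        "trailing_has_mz": trailing[:2] == b"MZ",
        "suspicious": len(trailing) > 0,
    }


def find_embedded_pe(data):
    """Offsets of every 'MZ' whose e_lfanew points at a 'PE\\0\\0' signature,
    i.e. a plaintext executable embedded anywhere in the file."""
    hits = []
    i = data.find(b"MZ")
    while i != -1:
        if i + 0x40 <= len(data):
            e_lfanew = struct.unpack_from("<I", data, i + 0x3C)[0]
            sig = i + e_lfanew
            if sig + 4 <= len(data) and data[sig:sig + 4] == b"PE\0\0":
                hits.append(i)
        i = data.find(b"MZ", i + 1)
    return hits


if __name__ == "__main__":
    clean = build_bmp(8, 4)
    tainted = build_bmp(8, 4, fake_pe_stub(b"\x90" * 16))
    for label, blob in (("clean", clean), ("tainted", tainted)):
        print(label, inspect_bmp(blob), "PE at", find_embedded_pe(blob))
```

The trailing-data check is cheap enough to run over every image attachment at a mail gateway; a non-zero `trailing_bytes` on a BMP is almost never legitimate, and a high `trailing_entropy` without an `MZ` header is the pattern to expect when the appended payload has been encrypted.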

“Imagine a spearphishing email with an image file attached to it. The malware assumes that the victim will open the file and will be infected. It could be a simple JPEG, but the malicious content within could be Xloader’s executable, which would give attackers remote control over the system when they download it,” said Nmtw.

According to Cyble Research Labs, Xloader also uses other infection techniques such as WMI and PowerShell to infect machines even when they are offline (by creating scheduled tasks).
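Scheduled-task persistence of the kind described above leaves a record when auditing is enabled: Windows writes the task's XML definition into event 4698 ("A scheduled task was created"). The following added example (not Cyble's detection logic, and not code from the page) triages such definitions offline, flagging tasks whose action launches PowerShell or WMI tooling, whose arguments look like hidden or encoded execution, and that fire at logon. Both task definitions, their names and commands are constructed for this example.

```python
import re
import xml.etree.ElementTree as ET

# Task Scheduler XML namespace used by Windows in exported tasks and in event 4698.
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Constructed sample definitions: one benign built-in-style task, one that mimics
# a PowerShell-based persistence task. Names and arguments are made up.
SAMPLE_TASKS = {
    "\\Microsoft\\Windows\\Defrag\\ScheduledDefrag": """<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Actions><Exec><Command>%windir%\\system32\\defrag.exe</Command><Arguments>-c -h -o -$</Arguments></Exec></Actions>
</Task>""",
    "\\Updater": """<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><LogonTrigger><Enabled>true</Enabled></LogonTrigger></Triggers>
  <Actions><Exec><Command>powershell.exe</Command><Arguments>-nop -w hidden -enc SQBFAFgA</Arguments></Exec></Actions>
</Task>""",
}

# Living-off-the-land binaries that rarely belong in a legitimate task action.
SUSPICIOUS_BINARIES = ("powershell.exe", "pwsh.exe", "wmic.exe", "mshta.exe",
                       "rundll32.exe", "regsvr32.exe")
# Argument patterns typical of hidden or encoded PowerShell execution.
SUSPICIOUS_ARGS = re.compile(
    r"(-enc\w*\s|-e\s|-w(indowstyle)?\s+hidden|-nop\b|\biex\b|downloadstring|frombase64string)",
    re.I,
)


def score_task(task_xml):
    """Return the list of reasons a task definition looks suspicious (empty if none)."""
    root = ET.fromstring(task_xml)
    reasons = []
    for ex in root.findall(".//t:Actions/t:Exec", NS):
        cmd = (ex.findtext("t:Command", "", NS) or "").strip()
        args = (ex.findtext("t:Arguments", "", NS) or "").strip()
        base = cmd.replace("/", "\\").split("\\")[-1].lower()
        if base in SUSPICIOUS_BINARIES:
            reasons.append(f"action runs {base}")
        if SUSPICIOUS_ARGS.search(args):
            reasons.append(f"suspicious arguments: {args}")
    # A logon trigger only matters once the action itself is questionable.
    if reasons and root.find(".//t:Triggers/t:LogonTrigger", NS) is not None:
        reasons.append("runs at logon (persistence)")
    return reasons


def triage(tasks):
    """Map task name -> reasons, keeping only tasks that raised at least one."""
    findings = {}
    for name, task_xml in tasks.items():
        reasons = score_task(task_xml)
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_TASKS).items():
        print(name)
        for reason in reasons:
            print("  -", reason)
```

The same scoring applies to task XML exported with `schtasks /query /xml` from a machine under investigation, which matters here because the page notes the persistence works offline: the task runs whether or not the host can reach a command server, so hunting the task definition is more reliable than waiting for network telemetry.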

Source: Xloader Returns with New Infection Technique - AlienVault - Open Threat Exchange
