Subj : This new threat infects devices with a dozen malware at once To : All From : TechnologyDaily Date : Fri Jun 28 2024 20:00:05 This new threat infects devices with a dozen malware at once Date: Fri, 28 Jun 2024 18:45:00 +0000 Description: Unfurling Hemlock doesn't bother trying to hide itself - it just bombards with multiple malware variants. FULL STORY ====================================================================== Cybersecurity researchers from Outpost24s KrakenLabs observed a new and quite unique malware campaign that seems to values quantity over quality. Usually, when hackers compromise a device, they deploy a single piece of malware and try their best to remain unseen and persistent, as they use the computer for whatever end goal they have. But this new campaign, dubbed Unfurling Hemlock, does the exact opposite, making it stand out in the world of cybercrime. The researchers are saying that once the victim triggers the malware executable - in this case called EXTRACT.EXE - they receive a handful of different malware, infostealers, and botnet executables. Malware cluster bomb The chances of the malware being picked up by cybersecurity solutions is high, but the researchers believe the attackers are hoping at least some of the payloads will survive the purge. Among the things dropped on the devices are Redline (popular infostealer), RisePro (an upcoming infostealer), Mystic Stealer (infostealing malware-as-a-service), Amadey (loader), SmokeLoader (another loader), Protection Disabler (a utility that disables Windows Defender and other security features), Enigma Packer (obfuscation tool), Healer (anti-security solution), and Performance Checker (a utility that checks and logs the performance of malware execution). This malware cluster bomb was first spotted in February 2024, the researchers said, claiming to have seen more than 50,000 cluster bomb files, all with unique characteristics that link them back to Unfurling Hemlock. KrakenLabs could not say with absolute certainty who the threat actors behind Unfurling Hemlock are, but they are fairly confident they are of Eastern European origin. Some of the evidence pointing in that direction is the use of Russian language in some of the samples, and the use of the Autonomous System 203727, related to a hosting service cybercrime groups in the region usually use. Luckily enough, the malware being pushed through this campaign is well-known and most reputable antivirus programs will flag it. Via BleepingComputer More from TechRadar Pro New malware threats are rising faster than ever and all kinds of businesses are at risk Here's a list of the best firewalls today These are the best endpoint protection tools right now ====================================================================== Link to news story: https://www.techradar.com/pro/security/this-new-threat-infects-devices-with-a- dozen-malware-at-once --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .