Researchers Uncovered Malware That Drops Six Variants in One Hit
Researchers have uncovered a new malware campaign which they dub the “Hornets Nest”. What makes this attack notable is the deployment of six different malware variants in one go. These include cryptominers, infostealers, cryptostealer, and a backdoor.
Hornets Nest Malware Attack
Researchers from Deep Instinct have discovered a new malware attack that might be a threat designed especially for enterprises. As elaborated in their blog post, the campaign dubbed as “Hornets Nest” is peculiar owing to its destructive attack strategy. Though, the campaign doesn’t appear as sophisticated compared to say a zero day, it does however deploy six malware exploits in a single attack with the aim of exploit.
In brief, the attack begins with the ‘Legion Loader’ – the malware dropper written in MS Visual C++ 8 exhibits numerous VM/Sandbox and other features to stay under the radar from researchers. Yet, it lacks string obfuscation.
Upon execution, the Legion Loader then infects the victim machine with further malware. These include the commercially available infostealers such as Vidar, Predator the Thief and Racoon stealer, and cryptominer. In addition, it also exhibits a built-in cryptocurrency stealer, and RDP backdoor that permits additional attacks in future.
Possible Link To Russia
Whilst researcher found this campaign relatively less-sophisticated, possibly due to the lack of code obfuscation which made the analysis easier.
The presence of cryptominer and cryptostealer hint an an obvious incentive to make quick money. Whereas, the infostealers would surely benefit the attackers in the long run. The researchers also believe that such a wide-impact attack will be a ‘nightmare’ for enterprises.
Whilst the origin of the attack has not been officially located, the analysis of Legion Loader links to Russia.
The current campaign actively targets United States and Europe, where every dropper throws 2 to 3 malware including cryptostealers and browser-credentials harvester.
In recent similar stories, Fortinet also shared details of a malware campaign targeting Windows systems with two RATs at a time.