Attackers Spread Cobalt Strike Through Backdoor in Common Apps

Security Intelligence -


Researchers discovered a new attack campaign targeting online gambling companies in with one of two malware payloads. In one scenario detected by Trend Micro, the campaign dropped a previously undocumented backdoor written in . The firm dubbed this threat ‘BIOPASS ’ (for ). In addition, they discovered it was spread in conjunction with the Cobalt Strike malware. Read on to learn about a unique technique BIOPASS uses to capture a victim’s screen.

The Novel Features of BIOPASS

The campaign begins with a watering hole attack, where attackers compromise a website by placing an injection script into a target’s online chat support page. From there, they could load either the BIOPASS RAT or Cobalt Strike.

First, the injection script scans for signs of an existing infection. Next, it replaces the real page’s content with a page that displays an error message. This message instructs the visitor to download an updated version of either Adobe Flash Player or Microsoft Silverlight, both of which are already deprecated.

Each installer downloads the real application. However, it also creates scheduled tasks for the

Read More: https://securityintelligence.com/news/cobalt-strike-spread-backdoor-common-apps/