With the rapid technological advancement in the cybercrime realm, attackers are coming up with new ways of quickly developing and deploying sophisticated malware. Recently, security researchers identified a new malware dubbed Saint Bot that has made a name for itself in a short time.
What was discovered?
Analysts from Malwarebytes discovered a new phishing campaign, aimed at delivering a credential stealer and other malware.
The malicious emails carry a zip file attachment (bitcoin.zip), luring the victim with a chance of getting access to a Bitcoin wallet while initiating a chain of infection that eventually leads to downloading Saint Bot.
The zip file contains a malicious PowerShell script, which tries to download the next stage malicious payloads from the embedded link consisting of several executable files.
Current samples of Saint Bot were observed dropping Taurus Stealer or other AutoIt-based stealers, although its design indicates that it is capable of delivering other kinds of malware as well.
What makes Saint Bot different?
Saint Bot is equipped with several techniques that are usually seen only in mature malware code. Advanced techniques such as code obfuscation, process injection, and anti-analysis have been employed across several stages of the infection cycle.
Recent attacks
Analysts indicated that the malware was distributed in several attacks targeting government institutions.
A COVID-19-themed attack campaign was seen targeting Georgia.
In this attack, an email carried a malicious LNK file, that led to a malicious document and a decoy PDF file. Both these droppers were delivering Saint Bot malware.
Conclusion
So far, the experts haven’t associated this downloader with any threat grou ..
Support the originator by clicking the read the rest link below.
