
According to cybersecurity researchers, a new advertising campaign on the Google Ads network is pushing malware onto unsuspecting victims’ endpoints. What sets this malvertising campaign apart from others is that the distributed malware is almost impossible for today’s antivirus solutions to pick up. The threat actors build code that can only be understood by virtual machines. When a victim runs the malware, the virtual machine translates the code back to its original form and runs the malicious executable.
According to the researchers, "Virtualization frameworks such as KoiVM obfuscate executables by replacing the original code, such as .NET Common Intermediate Language (CIL) instructions, with virtualized code that only the virtualization framework understands."
This type of malware also makes analysis difficult. The researchers added, "When put to malicious use, virtualization makes malware analysis challenging and also represents an attempt to evade static analysis mechanisms."
The malware being distributed this way is Formbook, a known infostealer. Its virtualized version was dubbed “MalVirt”. To trick people into downloading the malware, the threat actors created a number of fake websites posing as landing pages for Blender 3D, a popular 3D modeling, rendering, and animation program.
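Virtualized CIL defeats signature matching on the method bodies, but the container around it can still be inspected statically. The sketch below is an added example, not code from the researchers: it lists the metadata streams of a .NET image and reports any name outside the ECMA-335 standard set. It assumes KoiVM's default data stream name `#Koi`, which is not stated in the article and can be renamed by the packer, so a hit is a triage hint and a miss proves nothing.

```python
import struct

# Stream names defined by ECMA-335, plus the portable-PDB stream.
STANDARD_STREAMS = {"#~", "#-", "#Strings", "#US", "#GUID", "#Blob", "#Pdb"}

def metadata_streams(data: bytes) -> list:
    """Return the stream names from the first CLI metadata root in `data`."""
    root = data.find(b"BSJB")  # metadata root signature (simplification:
    if root < 0:               # a full parser follows the PE CLI header)
        return []
    try:
        (ver_len,) = struct.unpack_from("<I", data, root + 12)
        pos = root + 16 + ver_len                  # skip the version string
        _flags, count = struct.unpack_from("<HH", data, pos)
        pos += 4
        names = []
        for _ in range(count):
            pos += 8                               # skip stream Offset, Size
            end = data.index(b"\x00", pos, pos + 33)  # names are <= 32 chars
            names.append(data[pos:end].decode("ascii", "replace"))
            pos += (end - pos + 1 + 3) & ~3        # name is NUL-padded to 4
        return names
    except (struct.error, ValueError):             # truncated or malformed
        return []

def unusual_streams(data: bytes) -> list:
    """Streams outside the standard set; worth a closer look during triage."""
    return [n for n in metadata_streams(data) if n not in STANDARD_STREAMS]

def sample_root(names) -> bytes:
    """Constructed metadata root for the demo (stream bodies omitted)."""
    version = b"v4.0.30319\x00\x00"                # padded to 12 bytes
    out = b"BSJB" + struct.pack("<HHII", 1, 1, 0, len(version)) + version
    out += struct.pack("<HH", 0, len(names))
    for n in names:
        raw = n.encode() + b"\x00"
        out += struct.pack("<II", 0, 0) + raw.ljust((len(raw) + 3) & ~3, b"\x00")
    return out

if __name__ == "__main__":
    clean = sample_root(["#~", "#Strings", "#US", "#GUID", "#Blob"])
    # "#Koi" is KoiVM's default stream name (assumption, not from the article).
    odd = sample_root(["#~", "#Strings", "#Koi", "#Blob"])
    print(unusual_streams(b"MZ" + clean), unusual_streams(b"MZ" + odd))
```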