FormBook Malware Spreads via Malvertising Using MalVirt Loader to Evade Detection – The Hacker News
An ongoing malvertising campaign is being used to distribute virtualized .NET loaders that are designed to deploy the FormBook information-stealing malware.
“The loaders, dubbed MalVirt, use obfuscated virtualization for anti-analysis and evasion along with the Windows Process Explorer driver for terminating processes,” SentinelOne researchers Aleksandar Milenkoski and Tom Hegel said in a technical write-up.
The shift to Google malvertising is the latest example of how crimeware actors are devising alternate delivery routes to distribute malware ever since Microsoft announced plans to block the execution of macros in Office by default from files downloaded from the internet.
Malvertising entails placing rogue search engine advertisements in hopes of tricking users searching for popular software like Blender into downloading the trojanized software.
The MalVirt loaders, which are implemented in .NET, use the legitimate KoiVM virtualizing protector for .NET applications for…
The post FormBook Malware Spreads via Malvertising Using MalVirt Loader to Evade Detection – The Hacker News first appeared on SEO, Marketing and Social News | OneSEOCompany.com.
source: https://news.oneseocompany.com/2023/02/06/formbook-malware-spreads-via-malvertising-using-malvirt-loader-to-evade-detection-the-hacker-news_2023020640263.html
Your content is great. However, if any of the content contained herein violates any rights of yours, including those of copyright, please contact us immediately by e-mail at media[@]kissrpr.com.