Teacher
A new malware that steals secret information from popular browsers has been discovered.
Fortinet's FortiGuard Labs has discovered a new serious cyberattack called Vcurms. The attackers behind the development of this software use email as a command center, as well as public services such as AWS and GitHub to store malicious code.
The campaign primarily targets platforms with Java installed, posing a threat to any organization using such systems. Successful implementation gives attackers full control over compromised networks.
The user must download the malicious Java loader, which serves as a vector for distributing Vcurms itself and the STRRAT Trojan. Malicious emails are usually disguised as legitimate requests to verify payment information and upload files hosted on AWS.
Once installed, the malware uses classic phishing techniques, including fake names and encrypted strings, to hide its malicious nature. It is particularly noteworthy that the software uses the class "DownloadAndExecuteJarFiles.class" to load and execute additional JAR files, expanding the capabilities of attackers.
The Vcurms component in the form of a remote Trojan (RAT) communicates with the command center via email, demonstrating a high level of technical sophistication. It provides persistence by copying itself to the startup folder, identifies and tracks victims using keylogging and password recovery functions.
In addition, the malware uses advanced obfuscation tools, such as the Branchlock obfuscator, to avoid detection and analysis. Despite all the difficulties, researchers continue to develop ways to deobfuscate and study the principles of Vcurms.
Vcurms is extremely similar to Rude Stealer malware, but it differs in its unique methods of transmitting information. At the same time, its main goal is to extract confidential data from frequently used browsers, including Chrome, Brave, Edge, Vivaldi, Opera, OperaGX, Firefox, as well as from applications such as Discord and Steam.
In response to the Vcurms threat, FortiGuard Labs recommends taking a number of preventive measures in its blog. First of all, you need to deploy updated cybersecurity solutions and perform network segmentation. In addition, it is extremely important to follow proper password management practices and exercise caution when working with email attachments to reduce the risk of infection.
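As an added example (not code from the post or from FortiGuard), a small Python triage helper for the behaviour described above: it inspects a JAR for the `DownloadAndExecuteJarFiles.class` stage the post names and for nested JARs, and lists `.jar` files in a startup folder, the persistence location the post mentions. The sample JAR, its package names and the `payload.jar` entry are constructed for the demonstration.

```python
import io
import os
import zipfile

# Class name quoted in the FortiGuard write-up as the loader's download-and-run stage.
INDICATOR_CLASSES = {"DownloadAndExecuteJarFiles.class"}


def triage_jar(data: bytes) -> dict:
    """Inspect a JAR (as bytes) and report indicator classes, nested JARs and the Main-Class."""
    findings = {"indicator_classes": [], "nested_jars": [], "main_class": None}
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        names = jar.namelist()
        for name in names:
            base = name.rsplit("/", 1)[-1]
            if base in INDICATOR_CLASSES:
                findings["indicator_classes"].append(name)
            # A JAR carrying further JARs matches the "load additional JAR files" behaviour.
            if base.lower().endswith(".jar"):
                findings["nested_jars"].append(name)
        if "META-INF/MANIFEST.MF" in names:
            manifest = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
            for line in manifest.splitlines():
                if line.startswith("Main-Class:"):
                    findings["main_class"] = line.split(":", 1)[1].strip()
    return findings


def jars_in_startup(startup_dir: str) -> list:
    """Return .jar file names found in a startup folder; empty if the folder does not exist."""
    if not os.path.isdir(startup_dir):
        return []
    return sorted(f for f in os.listdir(startup_dir) if f.lower().endswith(".jar"))


def build_sample_jar() -> bytes:
    """Constructed sample JAR (not a real malware artifact) used to exercise triage_jar()."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\nMain-Class: loader.Main\n")
        jar.writestr("loader/Main.class", b"\xca\xfe\xba\xbe")  # placeholder class bytes
        jar.writestr("loader/DownloadAndExecuteJarFiles.class", b"\xca\xfe\xba\xbe")
        jar.writestr("resources/payload.jar", b"PK")  # constructed nested JAR entry
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_jar(build_sample_jar()))
```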
