☁️ OBSCURE#BAT malware uses fake CAPTCHA pages to distribute r77 rootkit and evade detection

chushpan

👉 A new malware campaign has been discovered that uses social engineering tactics to distribute the open-source r77 rootkit.

🗞 Dubbed OBSCURE#BAT by Securonix, the activity allows threat actors to maintain persistence and evade detection on compromised systems. It is currently unknown who is behind the campaign.

📰 The rootkit “has the ability to disguise any file, registry key, or task that begins with a specific prefix,” security researchers Dan Juzwik and Tim Peck wrote in a report shared with The Hacker News. “It targets users by masquerading as legitimate software downloads or by using fake CAPTCHAs for social engineering.”

📰 The campaign primarily targets English speakers, particularly those in the United States, Canada, Germany, and the United Kingdom.

📌 OBSCURE#BAT gets its name from the fact that the attack starts with an obfuscated Windows batch script, which in turn executes PowerShell commands to activate a multi-step process that ends with the deployment of the rootkit.
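The post describes the launch chain only in outline: an obfuscated batch script that spawns PowerShell. The script below is an added, defender-side example written for this page; it is not code from the post, from Securonix, or from the r77 project. It walks constructed process-creation events (field names `pid`, `ppid`, `image`, `cmdline` are assumed, loosely modelled on Sysmon Event ID 1, not taken from any real log), flags every `powershell.exe` whose parent is `cmd.exe` running a `.bat`/`.cmd` file, scores common obfuscation switches on the PowerShell command line, and decodes an `-EncodedCommand` payload so an analyst can triage it. The indicator list and severity scoring are the author's assumptions, not Securonix detection content.

```python
"""Flag the batch -> PowerShell launch chain on constructed process events.

Added example for this page; events and field names are constructed,
not real telemetry, and the scoring rules are assumptions.
"""
import base64
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    """Minimal process-creation record (constructed schema)."""
    pid: int
    ppid: int
    image: str
    cmdline: str


# Parent command line must reference a batch file.
BATCH_RE = re.compile(r"\.(bat|cmd)\b", re.IGNORECASE)
# Captures the base64 argument of -e/-ec/-enc/-EncodedCommand.
ENC_RE = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.IGNORECASE)

# Switches that are common in obfuscated or hidden PowerShell launches.
INDICATORS = {
    "encoded_command": re.compile(r"-(?:e|ec|enc|encodedcommand)\s", re.IGNORECASE),
    "hidden_window": re.compile(r"-(?:w|win|windowstyle)\s+hidden", re.IGNORECASE),
    "execution_policy_bypass": re.compile(r"-(?:ep|executionpolicy)\s+bypass", re.IGNORECASE),
    "non_interactive": re.compile(r"-noni(?:nteractive)?\b", re.IGNORECASE),
}


def image_name(path: str) -> str:
    """Return the lower-cased file name of an image path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def decode_encoded_command(cmdline: str):
    """Decode an -EncodedCommand payload (base64 of UTF-16LE), or None."""
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def find_batch_to_powershell(events):
    """Return findings for powershell.exe children of cmd.exe <file>.bat."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for ev in events:
        if image_name(ev.image) != "powershell.exe":
            continue
        parent = by_pid.get(ev.ppid)
        if parent is None or image_name(parent.image) != "cmd.exe":
            continue
        if not BATCH_RE.search(parent.cmdline):
            continue
        hits = [name for name, rx in INDICATORS.items() if rx.search(ev.cmdline)]
        findings.append({
            "pid": ev.pid,
            "parent_pid": parent.pid,
            "batch_cmdline": parent.cmdline,
            "indicators": hits,
            "decoded": decode_encoded_command(ev.cmdline),
            # Batch -> PowerShell alone is common in build scripts; only the
            # obfuscation switches raise it to high.
            "severity": "high" if hits else "low",
        })
    return findings


# Constructed sample events: one suspicious chain (pid 300), one benign
# build script (pid 500), and one PowerShell launch with no batch parent.
_ENCODED = base64.b64encode("Write-Output hello".encode("utf-16le")).decode()
PS_IMAGE = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    ProcEvent(100, 1, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(200, 100, r"C:\Windows\System32\cmd.exe",
              r'cmd.exe /c "C:\Users\victim\Downloads\setup.bat"'),
    ProcEvent(300, 200, PS_IMAGE,
              "powershell.exe -NoProfile -WindowStyle Hidden -EncodedCommand " + _ENCODED),
    ProcEvent(400, 100, r"C:\Windows\System32\cmd.exe",
              r'cmd.exe /c "C:\build\run_tests.bat"'),
    ProcEvent(500, 400, PS_IMAGE, r"powershell.exe -File C:\build\tests.ps1"),
    ProcEvent(600, 100, PS_IMAGE, "powershell.exe -NoProfile -Command Get-Process"),
]


if __name__ == "__main__":
    for f in find_batch_to_powershell(SAMPLE_EVENTS):
        print(f["severity"], f["pid"], f["indicators"], f["decoded"])
```

The batch-to-PowerShell relationship on its own is noisy (installers and build scripts do it), so the severity only rises when the child command line also carries hidden-window, encoded-command, policy-bypass or non-interactive switches; in a real pipeline the decoded payload would be fed to a second stage rather than printed.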