Attacks/Breaches

8/17/2018
02:25 PM
50%
50%

Marap Malware Appears, Targeting Financial Sector

A new form of modular downloader packs the ability to download other modules and payloads.

Researchers have detected a new modular downloader in large campaigns primarily hitting financial institutions, where it may be planting the seeds for future compromise.

Proofpoint experts first observed multiple large email campaigns, each consisting of millions of messages, earlier this month. They noticed all led to the same "Marap" malware and shared common features with earlier campaigns linked to the threat actor TA505. The emails contained Microsoft Excel Web Query files, password-protected ZIP files containing the Query files, PDFs with embedded Query files, and Word documents containing macros.

Researchers say the modular nature of Marap lets actors add new capabilities or download additional modules after a system is already infected. They have so far seen it download a system fingerprinting module that performs reconnaissance, they write in a blog post.

This malware, the researchers' report continues, is part of a growing trend of small, versatile malware which gives attackers more flexibility to launch attacks and detect systems that could lead to more damaging compromise.

Read more details here.

Learn from the industry's most knowledgeable CISOs and IT security experts in a setting that is conducive to interaction and conversation. Early bird rate ends August 31. Click for more info

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
8/17/2018 | 6:31:08 PM
Modular Malware against BA or Signatures
I can see modular malware being problematic for traditional AV systems that deal with signature based analysis but what about ones that deal with process execution such as a Cylance or Carbon Black? With this marap downloader still be able to stay under the covers with next gen AV?
Microsoft, Mastercard Aim to Change Identity Management
Kelly Sheridan, Staff Editor, Dark Reading,  12/3/2018
Windows 10 Security Questions Prove Easy for Attackers to Exploit
Kelly Sheridan, Staff Editor, Dark Reading,  12/5/2018
Starwood Breach Reaction Focuses on 4-Year Dwell
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/5/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: I guess this answers the question: who's watching the watchers?
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-19980
PUBLISHED: 2018-12-08
Anker Nebula Capsule Pro NBUI_M1_V2.1.9 devices allow attackers to cause a denial of service (reboot of the underlying Android 7.1.2 operating system) via a crafted application that sends data to WifiService.
CVE-2018-19961
PUBLISHED: 2018-12-08
An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes.
CVE-2018-19962
PUBLISHED: 2018-12-08
An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones.
CVE-2018-19963
PUBLISHED: 2018-12-08
An issue was discovered in Xen 4.11 allowing HVM guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because x86 IOREQ server resource accounting (for external emulators) was mishandled.
CVE-2018-19964
PUBLISHED: 2018-12-08
An issue was discovered in Xen 4.11.x allowing x86 guest OS users to cause a denial of service (host OS hang) because the p2m lock remains unavailable indefinitely in certain error conditions.