Monday, July 6, 10:34 p.m.

FIN7: BIOLOAD malware loader installs Carbanak backdoor on infected devices

Security researchers have discovered a new tool used by the FIN7 hacking group to install new versions of its Carbanak backdoor. The malware is a loader called BIOLOAD, and it looks very much like BOOSTWRITE, another tool recently linked to FIN7. The researchers noted that the loader is not easily detected.

Abuse of legitimate Windows mechanisms

The malware uses a technique called "binary planting", which abuses the order in which Windows searches for DLLs. In this way, attackers can gain more privileges on the target system.

Fortinet's security platform blocked malicious payloads running inside legitimate Windows processes. Specifically, it detected a malicious DLL loaded by FaceFodUninstaller.exe.

“What makes this executable attractive to an intruder is the fact that it is started by a built-in task called FODCleanupTask. This reduces the chances of detection,” said Fortinet.

The attacker places the malicious WinBio.dll in the "\System32\WinBioPlugIns" folder, which hosts the legitimate "winbio" DLL.
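The following PowerShell script is an added, defender-side example; it is not code from the secnews.gr article or from Fortinet's report. It inspects the two artifacts the article names: it lists every DLL in the WinBioPlugIns folder and flags any that is unsigned or not signed by Microsoft (a planted WinBio.dll would show up here), and it prints what the FODCleanupTask scheduled task actually launches so the launch vector can be reviewed. The function name Get-SuspiciousPluginDll and the "signer subject contains Microsoft" heuristic are this example's own assumptions.

```powershell
# Added example (not from the article or Fortinet): check the WinBioPlugIns folder
# for DLLs that are not Microsoft-signed and show what FODCleanupTask runs.
# Run from an elevated PowerShell prompt on the host being reviewed.

$pluginDir = Join-Path $env:SystemRoot 'System32\WinBioPlugIns'

function Get-SuspiciousPluginDll {
    # Hypothetical helper name chosen for this example.
    param([string]$Path = $pluginDir)

    Get-ChildItem -Path $Path -Filter '*.dll' -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig    = Get-AuthenticodeSignature -FilePath $_.FullName
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }

            [pscustomobject]@{
                File     = $_.FullName
                Status   = $sig.Status            # Valid, NotSigned, HashMismatch, ...
                Signer   = $signer
                Modified = $_.LastWriteTime       # a recent timestamp next to old system files stands out
                # Assumption: legitimate plug-ins here carry a valid Microsoft signature.
                Flagged  = ($sig.Status -ne 'Valid') -or ($signer -notmatch 'Microsoft')
            }
        }
}

# 1. DLLs in the plug-in folder that are unsigned or not signed by Microsoft.
Get-SuspiciousPluginDll | Where-Object Flagged | Format-Table -AutoSize

# 2. The built-in task Fortinet names as the launch vector: show its path, action and last run.
Get-ScheduledTask -TaskName 'FODCleanupTask' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $info = $_ | Get-ScheduledTaskInfo
        [pscustomobject]@{
            TaskPath = $_.TaskPath
            State    = $_.State
            Execute  = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
            LastRun  = $info.LastRunTime
        }
    } | Format-List
```

Review any flagged row by hand rather than deleting it: some legitimate system files are signed through a catalog rather than an embedded signature, so the status column is a prompt for investigation, not a verdict. The task output is useful for correlating the task's last run time with the modification time of any unexpected DLL in the folder.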


As mentioned above, the new BIOLOAD loader looks a lot like the BOOSTWRITE tool. According to Fortinet, the analyzed BIOLOAD samples appeared in March and July 2019, while BOOSTWRITE was found in May.

However, there are some differences between the two loaders. For example, BIOLOAD does not support multiple payloads. It also uses XOR to decrypt its payload rather than the ChaCha cipher.

Although BIOLOAD has been in use for 9 months, it is not easily detected: only 9 of the 68 antivirus engines on the VirusTotal scanning platform recognize WinBio.dll as malicious.

As for the payload installed on the infected systems, it is a newer version of the Carbanak backdoor.

Unlike other loaders, BIOLOAD checks infected devices for antivirus products from many different companies. Other loaders only check for Kaspersky, AVG and TrendMicro products.

By analyzing the code, the techniques and the backdoor itself, Fortinet attributes BIOLOAD to the FIN7 hacking group.

This is further proof that FIN7 is constantly developing new tools to deliver its backdoors.

Absent Mia, https://www.secnews.gr
