Saturday, February 20, 19:44

Russian hackers hide Zebrocy malware in virtual disk images

The Russian hackers behind the Zebrocy malware have changed the way they deliver it to high-profile victims and have started packaging the malware inside Virtual Hard Disk (VHD) images to evade detection.

The technique was observed in recent spear-phishing campaigns by the APT28 group (also tracked as Fancy Bear, Sofacy, Strontium and Sednit), which was trying to infect systems with a variant of the Zebrocy tool.

Zebrocy malware

New variants of Zebrocy are not easily detected

Zebrocy exists in many programming languages (AutoIT, C++, C#, Delphi, Go, VB.NET). For its recent campaigns the group chose the Go-based version instead of the more common Delphi version.

Windows 10 natively supports VHD files, which can be mounted as external drives so that users can browse the files inside. Last year, security researchers discovered that antivirus products do not inspect the contents of a VHD until the disk image is mounted.
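Because the contents of a disk image are only scanned once it is mounted, a mail gateway or triage pipeline has to recognise a VHD before anyone opens it, and it has to do so by content rather than by file extension. The following Python is an added example written for this article, not code from Intezer or from the original post; it parses the 512-byte fixed VHD footer as documented in Microsoft's public VHD format specification (cookie `conectix`, version, sizes, disk type and a one's-complement checksum) and labels an attachment accordingly. The helper names (`parse_vhd_footer`, `triage_attachment`, `build_fixed_vhd`) and the sample image are constructed for the example.

```python
import struct
from datetime import datetime, timedelta, timezone
from typing import Optional

VHD_COOKIE = b"conectix"          # footer signature from the VHD specification
VHD_FOOTER_SIZE = 512
VHD_EPOCH = datetime(2000, 1, 1, tzinfo=timezone.utc)   # VHD timestamps count from here
DISK_TYPES = {2: "fixed", 3: "dynamic", 4: "differencing"}
# big-endian fields after the cookie: features, version, data offset, timestamp,
# creator app, creator version, creator host OS, original size, current size,
# geometry, disk type, checksum (60 bytes, footer offsets 8..68)
FOOTER_FIELDS = ">IIQI4sI4sQQIII"


def vhd_checksum(footer: bytes) -> int:
    """Spec checksum: one's complement of the byte sum with the checksum field (64..68) excluded."""
    total = sum(footer[:64]) + sum(footer[68:])
    return (~total) & 0xFFFFFFFF


def parse_vhd_footer(data: bytes) -> Optional[dict]:
    """Return footer fields if `data` ends with a VHD footer, else None.

    Works on a whole file or on just its last 512 bytes, so a gateway can
    check large attachments without reading them fully into memory.
    """
    if len(data) < VHD_FOOTER_SIZE:
        return None
    footer = data[-VHD_FOOTER_SIZE:]
    if footer[:8] != VHD_COOKIE:
        return None
    (_features, version, _data_offset, timestamp, creator_app, _creator_ver,
     _creator_os, _original_size, current_size, _geometry, disk_type,
     checksum) = struct.unpack(FOOTER_FIELDS, footer[8:68])
    return {
        "disk_type": DISK_TYPES.get(disk_type, "unknown(%d)" % disk_type),
        "current_size": current_size,
        "creator_app": creator_app.decode("ascii", "replace").strip("\0"),
        "created": VHD_EPOCH + timedelta(seconds=timestamp),
        "checksum_ok": checksum == vhd_checksum(footer),
        "version_ok": version == 0x00010000,
    }


def triage_attachment(filename: str, data: bytes) -> str:
    """Label an attachment for a gateway rule.

    A VHD footer is reported whatever the extension says, so an image renamed
    to look like a document is not missed; a name that does not end in .vhd
    is flagged separately so analysts can see the mismatch.
    """
    info = parse_vhd_footer(data)
    if info is None:
        return "not-vhd"
    label = "vhd-valid" if info["checksum_ok"] and info["version_ok"] else "vhd-malformed"
    if not filename.lower().endswith(".vhd"):
        label += "-extension-mismatch"
    return label


def build_fixed_vhd(disk_bytes: bytes) -> bytes:
    """Constructed test fixture: a minimal fixed-size VHD wrapping `disk_bytes`."""
    body = disk_bytes + b"\0" * (-len(disk_bytes) % 512)   # pad to whole sectors
    fields = struct.pack(
        FOOTER_FIELDS,
        2,                      # features: the spec's reserved bit is always set
        0x00010000,             # file format version 1.0
        0xFFFFFFFFFFFFFFFF,     # data offset: none for a fixed disk
        0,                      # timestamp 0 = 2000-01-01
        b"test",                # creator application (constructed value)
        0x00010000,             # creator version
        b"Wi2k",                # creator host OS: Windows
        len(body), len(body),   # original and current size
        0,                      # disk geometry (irrelevant for this fixture)
        2,                      # disk type: fixed
        0,                      # checksum placeholder, filled in below
    )
    footer = VHD_COOKIE + fields + b"\0" * 16 + b"\0" + b"\0" * 427   # uuid, saved state, reserved
    footer = footer[:64] + struct.pack(">I", vhd_checksum(footer)) + footer[68:]
    return body + footer


if __name__ == "__main__":
    sample = build_fixed_vhd(b"constructed sample image data")
    print(parse_vhd_footer(sample))
    print(triage_attachment("presentation.pdf", sample))   # renamed image is still caught
```

The check only needs the last 512 bytes, so it is cheap to run on every attachment; a dynamic or differencing image (disk types 3 and 4) is still identified by the same footer, and a footer whose checksum does not verify is still reported rather than silently dropped, since a damaged or hand-built image is itself worth a look.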

Intezer researchers discovered in late November a VHD uploaded to the VirusTotal scanning platform from Azerbaijan. Inside the image were a PDF file and an executable posing as a Microsoft Word document; the executable was the Zebrocy malware.

The PDF is a presentation about Sinopharm International Corporation, a Chinese pharmaceutical company currently in the testing phase of a COVID-19 vaccine.

The Zebrocy variant in the VHD file is new and poorly detected on VirusTotal. However, Intezer's analysis showed that the new Zebrocy is genetically similar (that is, shares code) with a Delphi variant used a year ago in a campaign against targets in Azerbaijan.

Teo Ehc