ShadowTalk hosts Stefano, Adam and Dylan bring you the latest in threat intelligence. This week they cover:
- QBot drops Prolock for Egregor ransomware
- IoT new regulations
- Black Friday threats and opportunities
- Plus: The team discuss the malware name of the week
CRAT malware updated with new capabilities
Security researchers published their analysis of a newly identified version of the “CRAT” malware, which has been updated with additional plugins. Earlier versions of CRAT had limited information-stealing capabilities, but these new plugins enable keylogging, screen capture, clipboard monitoring, and a ransomware module named “Hansom” has also been added. These updates allow the operators of CRAT to perform cyber espionage and extortion for financial gain, likely bolstering the threat posed by CRAT and aligning with the ongoing trend of associations between remote access trojans (RATs) and ransomware tools.
TrickBot turns 100
The high-profile TrickBot trojan has been further updated with new features that enable it to evade detection. This reportedly marks the hundredth version of the tool, which has been consistently updated by its operators since its emergence in 2016. TrickBot’s new features enable it to inject its dynamic link library (DLL) into legitimate Windows processes, using a technique known as “Doppel Hollowing” (aka doppelganging), which uses these legitimate processes as containers for malicious code to aid obfuscation.
Zero-day vulnerability puts VMWare products at risk
The network solutions company VMWare released a security advisory that warned of a zero-day vulnerability affecting six of its products. Tracked as CVE-2020-4006, the issue is a command injection vulnerability that could allow a malicious actor to execute commands with unrestricted privileges on a targeted operating system. The vulnerability was given a CVSS score of 9.1, making it critical, and there is currently no patch. VMWare has released workarounds that administrators are advised to implement.
For more details, read the full Weekly Intelligence Summary here: