Marap Malware Appears, Targeting Financial Sector
A new form of modular downloader packs the ability to download other modules and payloads.
August 18, 2018
Researchers have detected a new modular downloader in large campaigns primarily hitting financial institutions, where it may be planting the seeds for future compromise.
Proofpoint experts first observed multiple large email campaigns, each consisting of millions of messages, earlier this month. They noticed all led to the same "Marap" malware and shared common features with earlier campaigns linked to the threat actor TA505. The emails contained Microsoft Excel Web Query files, password-protected ZIP files containing the Query files, PDFs with embedded Query files, and Word documents containing macros.
Researchers say the modular nature of Marap lets actors add new capabilities or download additional modules after a system is already infected. They have so far seen it download a system fingerprinting module that performs reconnaissance, they write in a blog post.
This malware, the researchers' report continues, is part of a growing trend of small, versatile malware that gives attackers more flexibility to launch attacks and to identify systems that could lead to a more damaging compromise.