Cybersecurity researchers have uncovered ASMCrypt, a crypter and loader that threat actors are selling as an advanced iteration of the DoubleFinger malware.
ASMCrypt’s primary function is to discreetly load the final malicious payload, all while avoiding detection by antivirus and endpoint detection and response (EDR) systems.
Hiding the payload in this way makes malware delivery stealthier and more effective. The emergence of ASMCrypt underscores the continuous evolution of cyber threats and the increasing sophistication of malicious actors.
In their analysis, cybersecurity experts from Kaspersky detailed that DoubleFinger was the precursor to ASMCrypt and had previously been used in propagating GreetingGhoul, a cryptocurrency-stealing malware, across Europe, the United States, and Latin America.
ASMCrypt allows its buyers to establish contact with a backend service over the Tor network, employing hard-coded credentials. This enables threat actors to tailor and build their choice of payloads, thereby making ASMCrypt a versatile tool for various cyber campaigns.
The use of loaders has gained popularity among cybercriminals because loaders offer a means of delivering malware while evading security defenses. Loaders such as Bumblebee, CustomerLoader, and GuLoader are increasingly being leveraged to initiate ransomware attacks, data breaches, and other malicious activities.
The evolution of these tools, such as GuLoader transforming into TheProtect, highlights the adaptability and sophistication of cyber threat actors. This constantly evolving landscape presents an ongoing challenge to cybersecurity experts and organizations striving to protect their networks from advanced threats.