DIRECTORY

  • Alerts
  • APTs
  • Blog
  • Books
  • Certifications
  • Cheat Sheets
  • Courses
  • Cyber Briefing
  • CyberDecoded
  • CyberReview
  • CyberStory
  • CyberTips
  • Definitions
  • Domains
  • Entertainment
  • FAQ
  • Frameworks
  • Hardware Tools
  • Incidents
  • Malware
  • News
  • Papers
  • Podcasts
  • Quotes
  • Reports
  • Tools
  • Threats
  • Tutorials
No Result
View All Result
  • Login
  • Register
  • Cyber Citizens
  • Cyber Professionals
  • Institutions
CyberMaterial
Talk To An Expert
  • Cyber Citizens
  • Cyber Professionals
  • Institutions
CyberMaterial
No Result
View All Result
Talk To An Expert
CyberMaterial
Home Alerts

XWorm Malware Unleashed by Freeze.rs

August 11, 2023
Reading Time: 2 mins read
in Alerts

Malicious actors have seized upon a legitimate Rust-based injector known as Freeze.rs to unleash the XWorm commodity malware within targeted environments. Fortinet FortiGuard Labs detected this novel attack chain on July 13, 2023, which commences with a phishing email harboring a booby-trapped PDF file.

By exploiting a crypter named SYK Crypter, the attackers also facilitated the introduction of Remcos RAT. Cara Lin, a security researcher, elaborated that this malevolent sequence employs various techniques, including utilizing the ‘search-ms’ protocol to access a remote LNK file via an HTML redirection.

Freeze.rs, an open-source red teaming tool developed by Optiv and released on May 4, 2023, operates as a payload creation tool, adept at evading security measures and executing shellcode covertly. Its mechanisms not only dismantle Userland EDR hooks but also execute shellcode to evade endpoint monitoring controls, as described in a GitHub overview.

In parallel, SYK Crypter has been harnessed to distribute an array of malware families, leveraging a .NET loader within Discord’s content delivery network to pose as benign purchase orders and carry out attacks.

Fortinet’s findings reveal the malware masquerades as PDF files but functions as LNK files that execute a PowerShell script to activate the Rust-based injector, with a misleading decoy PDF document displayed.

In the final phase, injected shellcode is decrypted to launch the XWorm remote access trojan, enabling data harvesting, remote control of the compromised device, and more. This utilization of a three-month-old program in attacks reflects the swift integration of offensive tools by malicious actors to achieve their objectives, underscoring the dynamic landscape of cyber threats. The alliance of XWorm and Remcos RAT forms a potent trojan, with a strong presence targeting Europe and North America, according to Lin’s observations.

Source:
  • Attackers Distribute Malware via Freeze.rs And SYK Crypter
Tags: AlertsAlerts 2023August 2023CyberattackCybersecurityFreeze[.]rsMalwarePhishing EmailsVulnerabilitiesXWorm
3
VIEWS
ADVERTISEMENT

Related Posts

Critical WordPress Plugin Flaws

Critical WordPress Plugin Flaws

September 29, 2023
Cisco Warns of Critical SD-WAN Flaw

Cisco Warns of Critical SD-WAN Flaw

September 29, 2023
Malicious Packages on npm and PyPI

Malicious Packages on npm and PyPI

September 29, 2023
Critical WordPress Plugin Flaws

Critical SharePoint Vulnerabilities Revealed

September 29, 2023

More Articles

Incidents

IT Services Provider Hit by Donut Gang

September 22, 2023
Alerts

Chinese-Language Phishing Campaigns

September 20, 2023
Cyber Briefing

September 21, 2023 – Cyber Briefing

September 21, 2023
Alerts

Lazarus Group Threat to Healthcare

September 22, 2023

Security through data

Cybersecurity Domains

  • API Security
  • Business Continuity
  • Career Development
  • Compliance
  • Cryptography
  • HSM
  • KPIs / KRIs
  • Penetration Testing
  • Shift Left
  • Vulnerability Scan

Emerging Technologies

  • 5G
  • Artificial Intelligence
  • Blockchain
  • Cryptocurrency
  • Deepfake
  • E-Commerce
  • Healthcare
  • IoT
  • Quantum Computing

Frameworks

  • CIS Controls
  • CCPA
  • GDPR
  • NIST
  • 23 NYCRR 500
  • HIPAA

Repository

  • Books
  • Certifications
  • Definitions
  • Documents
  • Entertainment
  • Quotes
  • Reports

Threats

  • APTs
  • DDoS
  • Insider Threat
  • Malware
  • Phishing
  • Ransomware
  • Social Engineering

© 2023 | CyberMaterial | All rights reserved.

World’s #1 Cybersecurity Repository

  • About
  • Legal and Privacy Policy
  • Site Map
No Result
View All Result
  • Alerts
  • Incidents
  • News
  • Audience
    • Cyber Citizens
    • Cyber Professionals
    • Institutions
  • Highlights
    • Blog
    • CyberDecoded
    • Cyber Review
    • CyberStory
    • CyberTips
  • Cyber Risks
    • Alerts
    • Attackers
    • Domains
    • Incidents
    • Threats
  • Opportunities
    • Events
    • Jobs
  • Repository
    • Books
    • Certifications
    • Cheat Sheets
    • Courses
    • Definitions
    • Frameworks
    • Games
    • Hardware Tools
    • Memes
    • Movies
    • Papers
    • Podcasts
    • Quotes
    • Reports
    • Tutorials
  • Report Cyber Incident
  • GET HELP
  • Contact Us

Subscribe to our newsletter

© 2022 Cybermaterial - Security Through Data .

Welcome Back!

Sign In with Google
Sign In with Linked In
OR

Forgotten Password? Sign Up

Create New Account!

Sign Up with Google
Sign Up with Linked In
OR

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.