New Multi-Functional Malware ‘Byakugan’ Unleashed via Phishing
In a series of escalating cyber threats, a new multi-functional malware named Byakugan has surfaced. Cybersecurity experts at Fortinet FortiGuard Labs and AhnLab Security Intelligence Center (ASEC) have exposed how attackers use bogus installers for Adobe Acrobat Reader to unleash this potent threat. The campaign ignites with a Portuguese PDF file prompting victims to click a link, which sets off an intricate attack sequence.
FortiGuard Labs reports that once someone clicks the URL, a process involving file creation, DLL hijacking, and UAC bypass activates Byakugan. The malware adeptly combines both legitimate and malicious components, rendering it more evasive. It can handle a variety of sinister tasks including desktop monitoring, cryptocurrency mining, and data theft. Byakugan’s key capabilities underscore a worrying trend of sophisticated, multi-purpose malware.
ASEC’s findings extend the narrative, explaining the phasing of the malware execution process that culminates in collecting PC information and connecting with a command and control server. They caution users about running files from unofficial sources, a critical reminder in an era where digital savvy can mean the difference between safety and compromise.
Meanwhile, recent discoveries by AhnLab also shed light on the cunning Rhadamanthys malware, hidden as a groupware installer via a fake website. The malware, armed with the indirect syscall technique, stealthily evades security solutions, and ferrets through systems for user information.
Adding to the onslaught, another threat actor altered a Notepad++ version, circulating WikiLoader malware. This malicious mimeTools.dll, once a default plugin, now serves darker motives. It injects Shell Code into the explorer.exe post decryption, obfuscating its nefarious activities from unsuspecting users.
In response, cybersecurity agencies are doubling down on defenses and issuing stern warnings about software downloads from unofficial sources. FortiGuard Labs and ASEC have provided various Indicators of Compromise (IOCs), crucial for detecting and responding to these insidious threats.
As the cyber battlefield grows more complex, these incidents call for heightened vigilance. Individuals and organizations must meticulously vet their software sources and stay informed through outlets like AhnLab’s thorough analyses. Practice good cybersecurity hygiene — it is not just advisable, it is indispensable in safeguarding against the digital unknown.
If you enjoyed this article, please check out our other articles on CyberNow