The operators behind these campaigns are using new Coronavirus messages to try to bypass security systems. The trend was first reported by researchers at MalwareHunterTeam about 1 month ago.
c360e6b8ac7e915d745b4c2c80cd56c452b666be55a5a639e59b0091ce531a6c
From “Trump news” to “Coronavirus news”…
cc @VK_Intel @JRoosen pic.twitter.com/vSpz7teAtf— MalwareHunterTeam (@malwrhunterteam) February 19, 2020
Researchers at BleepingComputer reported that the crypters used by TrickBot and Emotet are using Coronavirus-related mechanisms and messages.
These crypters are software used to encrypt, obfuscate and manipulate malware so that it avoids detection by monitoring solutions that use supervised systems or artificial intelligence to detect threats.
“For example, TrickBot samples seen by BleepingComputer utilizes strings taken from CNN news stories as part of the malware’s file description.” reported BleepingComputer.
Copyright: passengers were sent to government quarantine centers
Product: The restrictions will ban travel to the US from 26 European countries
Description: Singapore has 187 confirmed cases of the virus
Original Name: Just because someone who had the coronavirus
Internal Name: Just this week, the Grand Princess cruise ship docked
File Version: 1.0.0.1
The investigators also identified text from a CNN news item in the file information of an Emotet binary distributed in the wild.
These strings appear in the file's details, as shown in the image below.
According to the researchers, with these new samples, both Emotet and Trickbot can bypass detection mechanisms based on machine learning and artificial intelligence.
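A triage heuristic for the pattern described above, as an added example (not code from BleepingComputer or the original article): it flags version-information fields that read like news sentences rather than product or file names. The field names are the standard Windows version-resource string names, mapped from the labels shown above as an assumption; the stopword list, the threshold and the benign record are constructed for illustration.

```python
import re

# Standard Windows version-resource string names (assumed mapping from the
# labels shown in the article: Copyright, Product, Description, ...).
NAME_FIELDS = {"OriginalFilename", "InternalName"}
# Illustrative list of common English function words.
STOPWORDS = {"the", "of", "to", "from", "who", "had", "has", "have", "were",
             "was", "will", "this", "that", "just", "because", "is", "are"}
COPYRIGHT_RE = re.compile(r"©|\(c\)|copyright|\b(19|20)\d{2}\b", re.I)

def prose_like(value):
    """True when a value reads like a sentence: 5+ words, 2+ function words."""
    words = re.findall(r"[a-z']+", value.lower())
    return len(words) >= 5 and sum(w in STOPWORDS for w in words) >= 2

def suspicious_fields(info):
    """Return {field: reason} for version-info values that look out of place."""
    findings = {}
    for field, value in info.items():
        if prose_like(value):
            findings[field] = "reads like a sentence"
        elif field in NAME_FIELDS and " " in value.strip():
            findings[field] = "file-name field contains spaces"
        elif field == "LegalCopyright" and not COPYRIGHT_RE.search(value):
            findings[field] = "no copyright marker or year"
    return findings

def triage(info, threshold=3):
    """Flag a file for analyst review when several fields look out of place."""
    findings = suspicious_fields(info)
    return len(findings) >= threshold, findings

# Values quoted in the article for a TrickBot sample.
ARTICLE_SAMPLE = {
    "LegalCopyright": "passengers were sent to government quarantine centers",
    "ProductName": "The restrictions will ban travel to the US from 26 European countries",
    "FileDescription": "Singapore has 187 confirmed cases of the virus",
    "OriginalFilename": "Just because someone who had the coronavirus",
    "InternalName": "Just this week, the Grand Princess cruise ship docked",
    "FileVersion": "1.0.0.1",
}
# Constructed benign-looking record for comparison.
BENIGN_SAMPLE = {
    "LegalCopyright": "Copyright (C) 2019 Example Corp", "ProductName": "Example Backup Agent",
    "FileDescription": "Example Backup Agent Service", "OriginalFilename": "exbackup.exe",
    "InternalName": "exbackup", "FileVersion": "4.2.0.0",
}
```

A hit is a reason to send the file for closer analysis, not a verdict, since some legitimate software also ships long descriptive strings.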
During this pandemic period, users should pay attention to all unsolicited emails with a Coronavirus theme.
It should also be noted that hundreds of domains related to Covid-19 are being registered. Banking institutions have been the most affected.