Phishing, Malware

DBatLoader leveraged in widespread phishing campaign

Share
Unknown vectors haunts ransomware plauybook

Nine phishing attack campaigns leveraging the DBatLoader malware loader, also known as NatsoLoader and ModiLoader, to facilitate the distribution of the Agent Tesla, Formbook, and Rescoms payloads have been launched against small and medium-sized businesses, most of which were in Poland, with others in Italy and Romania also targeted, The Hacker News reports.

Intrusions involved the delivery of phishing emails with malicious RAR or ISO attachments, with the former triggering direct DBatLoader execution and the latter obscuring a Windows batch script with a PEM-encoded certificate revocation list-masquerading DBatLoader executable, an analysis from ESET revealed.

Malicious payloads later retrieved by DBatLoader from hacked servers or Microsoft OneDrive would then enable data exfiltration activities, which would be the foundation of additional illicit activity, ESET researchers said. Such findings follows a Kaspersky report detailing mounting attacks against SMBs due to their limited resources and cybersecurity defenses, with trojans named as the leading threat among such organizations.

Related Terms

Adware

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.