BabbleLoader, a newly emerged malware loader, has been used by threat actors to covertly deliver the Meduza and WhiteSnake information stealers to English- and Russian-speaking business professionals and to other individuals searching for cracked software, The Hacker News reports.
Beyond inserting junk code and applying metamorphic transformations, BabbleLoader uses a range of further techniques, including unusual control flow and encryption, to hide its activity from both traditional and artificial intelligence-based detection systems, according to an Intezer analysis. "The better that the loaders can protect the ultimate payloads, the less resources threat actors will need to expend in order to rotate burned infrastructure. BabbleLoader takes measures to protect against as many forms of detection that it can, in order to compete in a crowded loader/crypter market," said Intezer security researcher Ryan Robinson. The findings follow a report by Rapid7 researchers of a new LodaRAT version that steals browser cookies and credentials and delivers additional malware.