Windows devices have been targeted with attacks involving the novel CoffeeLoader malware that masquerades as Taiwanese computer hardware firm ASUS's Armoury Crate utility to covertly distribute the Rhadamanthys information-stealing malware and other malicious payloads, Cybernews reports.
Aside from using Armoury Packer to execute code on devices' graphics cards and evade detection by security software, CoffeeLoader, which initially emerged in September, also ensures stealth through Call Stack Spoofing and Sleep Obfuscation capabilities, with the latter potentially implemented by means of Windows fibers, according to findings from Zscaler. While CoffeeLoader was found to have significant technical overlaps with the most recent iteration of the SmokeLoader malware unveiled in December, additional evidence is still needed to establish an association between the two payloads, said Zscaler researchers. "At the present time, it is too early to determine whether CoffeeLoader is the next version of SmokeLoader or whether these overlaps are a coincidence," the researchers added.
