Hackread reports that organizations and individuals in the U.S., Canada, Germany, and the UK have been the main targets of the nascent OBSCURE#BAT malware campaign, which spreads malicious payloads through social engineering and counterfeit software downloads.
According to an investigation by Securonix Threat Labs, the attackers behind OBSCURE#BAT use fake CAPTCHAs hosted on typosquatted domains, along with spoofed software, to lure targets into executing malware that establishes scheduled tasks and alters the Windows Registry so that it keeps running after a reboot. The malware then hides its activity with a user-mode rootkit.
Other techniques the campaign uses to evade detection include API hooking that conceals files, registry entries, and running processes; registry manipulation through fake driver registration; and clandestine logging activity.
Defending against the OBSCURE#BAT campaign requires downloading software only from legitimate sites, using endpoint logging and threat detection tools, and monitoring for suspicious system activity, the researchers said.