Threat actors associated with the Black Basta ransomware gang have sought to exfiltrate credentials and distribute the SystemBC malware dropper in attacks that are part of an ongoing social engineering campaign, according to The Hacker News.
The intrusions began with email bombing followed by phone calls that lured targets into installing AnyDesk, which was then used to deploy next-stage information-stealing payloads, including the AntiSpam.exe executable and the SystemBC loader, according to a Rapid7 report.

The findings follow an eSentire report detailing phishing attacks that used Ande Loader to deliver Obj3ctivity Stealer. "The malware's distribution through obfuscated and encrypted scripts, memory injection techniques, and the ongoing enhancement of Ande Loader with features like anti-debugging and string obfuscation underscore the need for advanced detection mechanisms and continuous research," said eSentire.

A separate ReliaQuest study identified SocGholish (also known as FakeUpdates), GootLoader, and Raspberry Robin as the most prevalent malware loaders so far this year, with GootLoader displacing QakBot in the top three.
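As an added example (not code from any of the reports cited above), the following Python correlation flags hosts where a remote-access tool launch is followed within a short window by the follow-on payload named in the Rapid7 report. The process-creation records, field names and timestamps are constructed for illustration; the tool and payload name lists are the assumptions to tune.

```python
from datetime import datetime, timedelta

# Constructed sample of endpoint process-creation events (not real telemetry).
# Each record: host, ISO timestamp, process image name, parent image name.
EVENTS = [
    {"host": "WS-01", "ts": "2024-08-14T09:02:11", "proc": "outlook.exe", "parent": "explorer.exe"},
    {"host": "WS-01", "ts": "2024-08-14T09:40:05", "proc": "AnyDesk.exe", "parent": "chrome.exe"},
    {"host": "WS-01", "ts": "2024-08-14T09:47:30", "proc": "AntiSpam.exe", "parent": "AnyDesk.exe"},
    {"host": "WS-02", "ts": "2024-08-14T10:15:00", "proc": "AnyDesk.exe", "parent": "explorer.exe"},
    {"host": "WS-02", "ts": "2024-08-14T15:30:00", "proc": "notepad.exe", "parent": "explorer.exe"},
    {"host": "WS-03", "ts": "2024-08-14T11:00:00", "proc": "AntiSpam.exe", "parent": "explorer.exe"},
]

# Assumed watchlists: the remote-access tool and the payload name reported by Rapid7.
REMOTE_TOOLS = {"anydesk.exe"}
FOLLOW_ON = {"antispam.exe"}
WINDOW = timedelta(hours=1)


def _parse(ts: str) -> datetime:
    return datetime.fromisoformat(ts)


def find_sequences(events, window=WINDOW):
    """Return (host, payload, parent) for every follow-on payload launch that
    occurs within `window` after a remote-access tool launch on the same host.
    A payload seen with no preceding remote tool (WS-03) is deliberately not
    returned here, so that this rule stays specific to the reported chain."""
    by_host = {}
    for e in sorted(events, key=lambda e: e["ts"]):
        by_host.setdefault(e["host"], []).append(e)

    hits = []
    for host, evs in by_host.items():
        tool_times = [_parse(e["ts"]) for e in evs if e["proc"].lower() in REMOTE_TOOLS]
        for e in evs:
            if e["proc"].lower() not in FOLLOW_ON:
                continue
            t = _parse(e["ts"])
            # Payload must start after, and within `window` of, a tool launch.
            if any(timedelta(0) <= t - tt <= window for tt in tool_times):
                hits.append((host, e["proc"], e["parent"]))
    return hits


if __name__ == "__main__":
    for host, payload, parent in find_sequences(EVENTS):
        print(f"{host}: {payload} launched by {parent} shortly after remote tool install")
```

Image-name matching alone is easy to evade, so in production pair this with signer and hash checks on the new executable and with the preceding mail-flood volume from the mail gateway.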