Javascript Malware Dropper Used to Deploy Multiple Malware Families, Research Finds

Silviu STAHIE

November 25, 2021

Security researchers have identified a new malware dropper, dubbed RATDispenser because it can be used to drop various malware families and can be deployed under a malware-as-a-service business model.

Infecting a device is complicated, especially when the user has security deployed. Modern malware usually arrives through third-party tools, called droppers, which security solutions are less likely to detect as malicious. Even so, getting past a security solution is challenging, so attackers use obfuscation techniques to try to trick the protection.

RATDispenser, one such dropper, was identified by security researchers from the HP Threat Research team.

“RATDispenser is used to gain an initial foothold on a system before launching secondary malware that establishes control over the compromised device,” said the team. “Interestingly, our investigation found that RATDispenser is predominantly being used as a dropper (in 94% of samples analyzed), meaning the malware doesn’t communicate over the network to deliver a malicious payload.”

“The variety in malware families, many of which can be purchased or downloaded freely from underground marketplaces, and the preference of malware operators to drop their payloads, suggest that the authors of RATDispenser may be operating under a malware-as-a-service business model,” they added.

Users are infected through the usual route, meaning they open the attachment from an email and run JavaScript that eventually downloads a malware payload. The script is deleted if all the steps have been completed.

What differs somewhat about this dropper is the number of possible payloads, which include STRRAT, WSHRAT, AdWind, Formbook, Remcos and Panda Stealer, to name a few. The team also published a complete list of indicators of compromise.
