Malware Coders Find the Perfect Technique to Help RATs Avoid Detection
Security Update: Security firm SentinelOne discovered a new technique used by malware coders, who are hiding the most dangerous parts of RATs (Remote Access Trojans) inside OS memory and using PNG files as configuration files.
Researchers first observed the technique in a series of state-sponsored attacks against Asian countries. The malware it was used with is NanoCore (also known as Nancrat), a RAT first detected in the spring of 2014.
For this campaign, the threat was distributed as an EXE file that, when launched, would extract a second EXE. Only the first EXE, which contained no malicious behavior, was stored on disk, while the second EXE was injected into system memory with the help of an encrypted DLL and a series of PNG files.