6.5 C
New York
Wednesday, June 16, 2021

Malicious code: Talos experts warn against RAM-based network

Talos security experts have pointed out a new malware campaign in which the malicious code is not immediately detected by virus scanners. Because the attack avoided it largely to access the local permanent memory.

Must Read

Kamal Saini
Kamal S. has been Journalist and Writer for Business, Hardware and Gadgets at Revyuh.com since 2018. He deals with B2b, Funding, Blockchain, Law, IT security, privacy, surveillance, digital self-defense and network policy. As part of his studies of political science, sociology and law, he researched the impact of technology on human coexistence. Email: kamal (at) revyuh (dot) com

The malware itself is listed as Divergent. On the users’ computers, the malicious code came through corresponding scripts, which were either integrated into websites via advertising networks or insecure backends. The code itself will then nest in the main memory and avoid writing files to the hard disk or SSD – because this would mean that existing virus scanners would quickly become aware of the unexpected activities. Instead, the malicious code gets out of RAM and loads various components from here as well.

These include, among others, the Node.js framework, which makes it possible to get javascript scripts running outside of the browser. The malware also relies on WinDivert, an open source tool for intercepting and modifying data packets in networks. Reloaded components then ensure, among other things, that active virus scanners are switched off as far as possible, before eventually writing something into the file system.

Always up to date

The malware modules on the computer then ensure that the computer can serve as a proxy system for various tasks, which then bring the operators money. Among other things, they perform click fraud. However, other activities may already have taken place – after all, traces of malware can be traced back to last February.

Accordingly, it is not a big disadvantage for the operator that the malicious code after switching off the computer is no longer available – because it ensures that basically only current variants are used, which always do the tasks currently pending and not one Pursue employment that has long since stopped contributing. The analysis by the security experts now makes it possible to insert suitable signatures into the AV databases – but it should soon come to the distribution of new versions that are no longer recognized directly.

Via | Divergent

- Advertisement -


Please enter your comment!
Please enter your name here

- Advertisement -

Latest News

Scientists find out who is at higher risk of re-infection with COVID

Those who have suffered a severe covid, as well as people with weakened immune systems, should exercise maximum vigilance. Experts...
- Advertisement -

More Articles Like This

- Advertisement -