
In the first post, DirtyMoe: Introduction and General Overview of Modularized Malware, we described DirtyMoe, a complex and sophisticated piece of malware. Its main observed roles are cryptojacking and DDoS attacks, both of which are still popular. There is no doubt that the malware was released for profit, and all evidence points to Chinese territory.

In most cases, the PurpleFox campaign is used to exploit vulnerable systems: the exploit gains the highest privileges and installs the malware via an MSI installer. In short, the installer misuses the Windows System Event Notification Service (SENS) to deploy the malware. At the end of the deployment, two processes (workers) carry out the malicious activities received from well-concealed C&C servers.

As we mentioned in the first post, every good malware must implement a set of protection, anti-forensics, anti-tracking, and anti-debugging techniques. One of the most commonly used techniques for hiding malicious activity is a rootkit. In general, the main goal of a rootkit is to hide itself and the other modules of the hosted malware at the kernel layer. Rootkits are potent tools, but they carry a high risk of being detected: because they run in kernel mode, every critical bug leads to a BSoD, which draws attention to the infection.
