Dragon Breath’s Latest Double-Clean-App Technique Targeting Gambling Industry

The Double-Clean-App Technique Explained

The Dragon Breath APT group is known for its sophisticated cyber-attacks on a wide range of industries, including the gambling industry. Recently, security researchers have uncovered the group's latest technique: the use of the double-clean-app method to evade detection and infiltrate targeted networks.

The double-clean-app technique involves the use of two different types of malware, both designed to evade detection by traditional antivirus software. The first piece of malware is a "clean" version that appears harmless to security systems. It is often disguised as a legitimate application or file, such as a PDF document or a Microsoft Office file. Once the clean malware is downloaded and executed, it downloads a second, more malicious piece of malware.

“The attack is based on a classic side-loading attack, consisting of a clean application, a malicious loader, and an encrypted payload, with various modifications made to these components over time,” said Sophos researcher Gabor Szappanos. “The latest campaigns add a twist in which a first-stage clean application ‘side’-loads a second clean application and auto-executes it. The second clean application side-loads the malicious loader DLL. After that, the malicious loader DLL executes the final payload.”
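The chain Szappanos describes (clean application starts a second clean application from the same directory, which then side-loads an unsigned loader DLL from that directory) can be hunted for in endpoint telemetry. The following detection sketch is an added example, not code from the article, Sophos or the Dragon Breath campaign; it runs over constructed, Sysmon-like process-create and image-load records with simplified field names, and every path and file name in it is made up.

```python
import ntpath

SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
APP_DIR = r"c:\users\u\appdata\local\temp\pkg"  # constructed user-writable staging dir

# Constructed, Sysmon-like records (field names simplified; not real telemetry).
# eid 1 = process create, eid 7 = image load. Paths and names are made up.
EVENTS = [
    {"eid": 1, "pid": 100, "ppid": 10, "image": APP_DIR + r"\stage1.exe"},
    {"eid": 1, "pid": 200, "ppid": 100, "image": APP_DIR + r"\stage2.exe"},
    {"eid": 7, "pid": 200, "image": APP_DIR + r"\stage2.exe",
     "image_loaded": APP_DIR + r"\helper.dll", "signed": False},
    {"eid": 7, "pid": 200, "image": APP_DIR + r"\stage2.exe",
     "image_loaded": r"c:\windows\system32\kernel32.dll", "signed": True},
    {"eid": 1, "pid": 300, "ppid": 10, "image": r"c:\program files\tool\tool.exe"},
    {"eid": 7, "pid": 300, "image": r"c:\program files\tool\tool.exe",
     "image_loaded": r"c:\program files\tool\plugin.dll", "signed": False},
]

def in_system_dir(path):
    return path.lower().startswith(SYSTEM_DIRS)

def find_side_load_chains(events):
    """Flag unsigned DLLs loaded from the loading process's own directory and
    report whether that process was itself started by an executable from the
    same directory (the clean-app -> clean-app -> loader-DLL chain)."""
    procs = {e["pid"]: e for e in events if e["eid"] == 1}
    hits = []
    for e in events:
        if e["eid"] != 7 or e["signed"]:
            continue  # only unsigned module loads are of interest here
        exe_dir = ntpath.dirname(e["image"]).lower()
        dll_dir = ntpath.dirname(e["image_loaded"]).lower()
        if dll_dir != exe_dir or in_system_dir(dll_dir):
            continue  # DLL came from elsewhere, or from a system directory
        proc = procs.get(e["pid"])
        parent = procs.get(proc["ppid"]) if proc else None
        chained = bool(parent) and ntpath.dirname(parent["image"]).lower() == exe_dir
        hits.append({"pid": e["pid"], "dll": e["image_loaded"],
                     "parent_in_same_dir": chained,
                     "severity": "high" if chained else "medium"})
    return hits

if __name__ == "__main__":
    for hit in find_side_load_chains(EVENTS):
        print(hit)
```

Legitimate software also loads unsigned plugins from its own directory, so the single-process case is only a medium-confidence lead; the parent-in-same-directory correlation is what distinguishes the double-clean-app pattern from ordinary side-loading.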


This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
