EXECUTIVE SUMMARY:

IT and security leaders have come to realize that they need to alter the way in which they prepare for tomorrow. The swift evolution of technologies, best practices, threat intelligence and cyber attacks makes staying up on the latest security trends an absolute must.

To help you shape your security approach and remain ahead of threats, we’ve rounded up information about new malware that could mangle your machines. Hackers are continually finding new mechanisms for establishing persistence, executing malicious content, and achieving their own objectives.

Find out about what researchers are seeing in the wild right now.

5 mysterious new malware that could burn your business

1. PlugX malware. A variant of the PlugX malware can now hide malicious files on USB devices. When the USB is plugged in, the files infect the Windows machines that the USB connects to.

Cyber security researchers say that a novel technique enables the malware to remain undetected for long periods, and that it can potentially spread to air-gapped systems.

At this time, most antivirus engines do not flag the problematic file as malicious. For older variants of PlugX, the detection rate is nine out of 61 security products.

The most recent samples of PlugX malware are detected by even fewer systems. One of them is flagged by just three products on the VirusTotal platform.

2. PoS malware. New versions of Prilex point-of-sale malware can block secure, contactless credit card transactions. As the consumer attempts to pay for a coffee, for example, the contactless transaction fails, and the consumer must then insert their credit card into a machine, at which point the malware steals payment information.

One interesting feature seen for the first time in the latest Prilex variants is its ability to filter out unwanted credit cards and to only capture information from specific card types and tiers. Consumers have limited ability to protect themselves from point-of-sale malware, like Prilex, as there’s no easy way to assess whether or not a payment terminal is infected.

3. HeadCrab malware. This new malware is designed to hunt down vulnerable Redis servers. It has infected over a thousand of them so far. Because the malware is primarily based on Redis processes, it’s unlikely to be flagged as malicious by security solutions.

“This advanced threat actor utilizes a state-of-the-art, custom-made malware that is undetectable by agentless and traditional anti-virus solutions to compromise a large number of Redis servers,” say cyber security researchers Nitzan Yaakov and Asaf Eitani.

During malware analysis, the researchers found that the attackers used mining pools hosted on previously compromised servers to obfuscate attribution and detection.

4. Python RAT malware. A new Python-based malware sports remote access trojan (RAT) capabilities, meaning that operators can gain control over breached infrastructure. The RAT relies on the WebSocket protocol to communicate with the command and control (C2) server and to steal data from the host.

Researchers say that the malware “leverages Python’s built-in Socket.IO framework, which provides features to both client and server WebSocket communication.” The channel is used for communication and data exfiltration.
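As an added example (not from the original article or the researchers' report), the following Python snippet shows how Socket.IO-style sessions to hosts outside an allow-list can be surfaced from proxy logs for review. The log format and host names are constructed, and the `/socket.io/?EIO=...&transport=...` request signature is assumed from Socket.IO's default client behaviour (the path is configurable, so a RAT author could change it).

```python
"""Surface Socket.IO-style sessions to non-allow-listed hosts from proxy logs."""
import re
from urllib.parse import urlsplit, parse_qs

# Constructed proxy log lines: timestamp client method url status upgrade-header
SAMPLE_LOG = """\
2024-01-01T10:00:00Z 10.0.0.5 GET http://chat.internal.example/socket.io/?EIO=4&transport=websocket 101 websocket
2024-01-01T10:00:03Z 10.0.0.5 GET http://203.0.113.7:8080/socket.io/?EIO=4&transport=websocket 101 websocket
2024-01-01T10:00:05Z 10.0.0.9 GET http://cdn.example/static/app.js 200 -
2024-01-01T10:00:09Z 10.0.0.9 GET http://198.51.100.22/api/?EIO=4&transport=polling 200 -
"""

# Hosts where Socket.IO traffic is expected (constructed allow-list).
ALLOWED_HOSTS = {"chat.internal.example"}

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3}) (\S+)$")


def is_socketio_request(url):
    """Assumed signature: Engine.IO query keys 'EIO' and 'transport' are present.

    Matching on the query rather than the '/socket.io/' path also catches
    servers mounted on a custom path, and the 'polling' transport catches the
    long-polling fallback a client uses when the WebSocket upgrade fails.
    """
    qs = parse_qs(urlsplit(url).query)
    return "EIO" in qs and "transport" in qs


def find_suspicious(log_text, allowed_hosts=ALLOWED_HOSTS):
    """Return Socket.IO-style requests whose destination host is not allow-listed."""
    hits = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # skip lines that do not fit the constructed format
        ts, client, _method, url, status, _upgrade = match.groups()
        if not is_socketio_request(url):
            continue
        parts = urlsplit(url)
        if parts.hostname in allowed_hosts:
            continue
        hits.append({
            "ts": ts,
            "client": client,
            "host": parts.hostname,
            "transport": parse_qs(parts.query)["transport"][0],
            "upgraded": status == "101",  # 101 = WebSocket upgrade completed
        })
    return hits
```

Running `find_suspicious(SAMPLE_LOG)` reports the two sessions to 203.0.113.7 and 198.51.100.22, the second of them on the polling fallback, which a rule matching only on HTTP 101 upgrades would miss.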

5. Nevada ransomware. A new version of the Nevada ransomware has emerged. The ransomware features a Rust-based locker, real-time negotiation chat portals, and separate domains in the Tor network for affiliates and victims.

The Nevada ransomware variant that targets Windows machines is executed via console and supports a set of flags that give its operators some control over the encryption.

An interesting characteristic of the Nevada ransomware is the set of system locales that it spares from encryption. In many instances, ransomware gangs exclude victims in Russian and CIS (Commonwealth of Independent States) countries. In the case of the Nevada ransomware, the list extends to Albania, Hungary, Vietnam, Malaysia, Thailand, Turkey and Iran.

The payload aims to collect information about network resources, adding shared directories to the encryption queue.

Further thoughts

Could your organization become more resilient? In response to relentless malware threats, explore resources such as:

Lastly, to receive the latest malware headlines in your inbox each week, please sign up for the CyberTalk.org newsletter.