This invisible rootkit threat stores scripts in the Windows Registry and can hide malicious files and tasks behind this prefix—what you need to know.
There is no shortage of critical warnings as cyberattacks turn up the heat with Medusa ransomware requiring immediate action from has now emerged. But what about the threats you can’t see? Security researchers have unmasked a campaign using both and malicious downloads as the starting point for what quickly turns into an invisible rootkit attack that can cloak any malicious file, task or Windows registry entry that uses one specific prefix.
Here’s what you need to know and do.

As if Windows users need any more bad news on the security front, following a Microsoft 365 attack campaign that can already dropping in March, now comes a report detailing how the Obscure#Bat malware campaign employs obfuscated batch scripts and ultimately deploys a user-mode rootkit that can hide all files and processes behind one specific prefix. What makes Obscure#Bat especially dangerous is the ability to hide files, registry entries, and running processes using user-mode application programming interface hooking, Den Iuzvyk and Tim Peck, security researchers at Securonix Threat Research, said in detailing the attack methodology. “Any artifacts matching a specific pattern become invisible to standard Windows tools like Task Manager, Explorer,” they warned, along with “shell commands such as dir to list directory contents.” Combine this with the malware’s ability to interact with critical system processes, and you get something particularly nefarious that can embed itself deep into legitimate Windows processes and services. “Security logs indicate it is capable of deleting evidence of its activity while remaining undetectable by conventional methods,” the researchers added.

Iuzvyk and Peck said that they had observed different methods being employed by the attackers to trick victims into executing the malicious batch file required to start the dangerous chain of events this rootkit requires. These included social engineering scams using a fake CAPTCHA test as well as legitimate tooling, including VoIP and Adobe software, along with messaging clients. “Unfortunately, we were not able to obtain any information as to the download links,” the researchers said, “though we speculate that malvertising could have been an initial starting point.” One constant is that once executed, the rootkit will prevent the visibility of any files, processes or registry keys that have a “$nya-” prefix.
The researchers identified the malware being used in the Obscure#Bat campaign as being an open-source ring-3 rootkit known as r77 that can avoid kernel modifications and uses registry and scheduled tasks for persistence. “Being user-mode, it evades many traditional kernel-based security tools,” Iuzvyk and Peck said. To mitigate the threat, Windows users should “maintain vigilance against social engineering, malvertising, and fake captcha scams that trick users into executing code,” the advisory said, along with inspecting batch files in a text editor before executing them. I have approached Microsoft for a statement.
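Because a ring-3 rootkit like r77 can only alter what it sees from inside the processes it has hooked, two practical hunting checks follow from the description above: verify that the ntdll syscall stubs in a process still start with their normal prologue rather than a jump into foreign code, and compare what the hooked API reports against an un-hooked source (an offline registry hive, raw NTFS parsing, or a kernel-level view) to surface entries carrying the "$nya-" prefix. The following is an added illustration, not code from Securonix or the r77 project; the byte strings and directory listings are constructed samples, and the ssn value 0x2d is a placeholder rather than a real service number.

```python
"""Detection helpers for a user-mode (ring-3) API-hooking rootkit.

1. Stub integrity: an x64 ntdll Nt* syscall stub begins with
   `mov r10, rcx ; mov eax, <ssn>` (bytes 4C 8B D1 B8 xx xx xx xx).
   A stub that instead begins with a jump has been patched in-process.
2. Cross-view diff: anything an un-hooked source lists but the hooked
   API does not is a hidden artifact; the "$nya-" prefix is the marker
   the Obscure#Bat campaign uses.
All sample data below is constructed, not dumped from real malware.
"""
from typing import Dict, List, Optional

CLEAN_PROLOGUE = bytes.fromhex("4c8bd1b8")  # mov r10,rcx ; mov eax,imm32


def classify_stub(code: bytes) -> str:
    """Classify the leading bytes of an x64 Nt* syscall stub."""
    if code.startswith(CLEAN_PROLOGUE):
        return "clean"
    if code[:1] == b"\xe9":                 # jmp rel32
        return "hooked:jmp_rel32"
    if code[:2] == b"\xff\x25":             # jmp qword ptr [rip+disp32]
        return "hooked:jmp_rip_rel"
    if code[:2] == b"\x48\xb8" and code[10:12] == b"\xff\xe0":
        return "hooked:mov_rax_jmp_rax"     # mov rax,imm64 ; jmp rax
    if code[:1] == b"\x68" and code[5:6] == b"\xc3":
        return "hooked:push_ret"            # push imm32 ; ret
    return "unknown"


def syscall_number(code: bytes) -> Optional[int]:
    """Return the system service number from a clean stub, else None."""
    if not code.startswith(CLEAN_PROLOGUE) or len(code) < 8:
        return None
    return int.from_bytes(code[4:8], "little")


def cross_view_diff(api_view: List[str], raw_view: List[str],
                    prefix: str = "$nya-") -> Dict[str, List[str]]:
    """Entries the raw source sees but the hooked API view omits.
    Returns every hidden entry and the subset carrying the campaign prefix."""
    hidden = sorted(set(raw_view) - set(api_view))
    return {"hidden": hidden,
            "prefixed": [e for e in hidden if e.startswith(prefix)]}


# Constructed samples: a clean stub (placeholder ssn 0x2d) and a patched one.
CLEAN_STUB = bytes.fromhex("4c8bd1b82d000000f604250803fe7f01")
HOOKED_STUB = bytes.fromhex("e91234567890")

if __name__ == "__main__":
    print(classify_stub(CLEAN_STUB), hex(syscall_number(CLEAN_STUB)))
    print(classify_stub(HOOKED_STUB))
    print(cross_view_diff(["svchost.exe"], ["svchost.exe", "$nya-loader.exe"]))
```

On a live Windows host the stub bytes would be read from the target process with ReadProcessMemory and the raw view taken from a source the rootkit cannot hook; the logic above is the part that stays the same.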