CISA and DoD Warn of Sophisticated Threat Actor Wielding New SlothfulMedia Malware
The US Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Defense (DoD) Cyber National Mission Force (CNMF) have revealed that a new malware family dubbed SlothfulMedia is currently being used by a sophisticated threat actor.
The two agencies published details on the malware, which has already been observed in victims across several countries, including India, Kazakhstan, Kyrgyzstan, Malaysia, Russia and Ukraine. A sample of the dropper has been uploaded to VirusTotal.
“The sample is a dropper, which deploys two files when executed,” reads the announcement. “The first is a remote access tool (RAT) named ‘mediaplayer.exe’, which is designed for command and control (C2) of victim computer systems. Analysis has determined the RAT has the ability to terminate processes, run arbitrary commands, take screenshots, modify the registry, and modify files on victim machines. It appears to communicate with its C2 controller via Hypertext Transfer Protocol (HTTP) over Transmission Control Protocol (TCP).”
The second file is a cleanup component rather than a payload: once the RAT has established persistence, it deletes the dropper from disk. If the infection succeeds, a new service named ‘Task Frame’ is created, so the RAT is loaded again after a reboot.
According to the description, the malware targets Windows systems, and the dropper is a 32-bit executable. The name ‘mediaplayer.exe’ is chosen only to pass a superficial inspection; it is not a legitimate media player.
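The two host-level indicators the report gives, the ‘Task Frame’ service used for persistence and the ‘mediaplayer.exe’ file name, are easy to hunt for on a Windows endpoint. The following PowerShell script is an added example, not code from CISA, CNMF or Bitdefender; it assumes the service name as printed here (matched loosely, so a spelling without the space is also caught) and searches a few user-writable locations chosen for this illustration. A hit is a lead to investigate, not a confirmed infection, because ‘mediaplayer.exe’ is a plausible name for benign software; compare the file hash against the indicators in the agencies’ report before acting on it.

```powershell
# Added example: hunt for the SlothfulMedia host indicators named in the advisory.
# Assumptions (not from the report): the loose service-name match and the search roots.

$findings = @()

# 1. Persistence: a service whose name or display name looks like "Task Frame" / "TaskFrame".
$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.Name -match '^task\s*frame$' -or $_.DisplayName -match '^task\s*frame$' }
foreach ($svc in $services) {
    $findings += [pscustomobject]@{
        Indicator = 'Service'
        Name      = $svc.Name
        Detail    = "State=$($svc.State) StartMode=$($svc.StartMode) Path=$($svc.PathName)"
    }
}

# 2. Running RAT: a process named mediaplayer.exe, with its on-disk path and Authenticode status.
$procs = Get-CimInstance -ClassName Win32_Process -Filter "Name = 'mediaplayer.exe'"
foreach ($p in $procs) {
    $sig = if ($p.ExecutablePath) {
        (Get-AuthenticodeSignature -FilePath $p.ExecutablePath).Status
    } else { 'Unknown' }
    $findings += [pscustomobject]@{
        Indicator = 'Process'
        Name      = $p.Name
        Detail    = "PID=$($p.ProcessId) Path=$($p.ExecutablePath) Signature=$sig"
    }
}

# 3. Dropped file that is not currently running: search user-writable locations (assumed roots).
$roots = @($env:ProgramData, $env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) |
    Where-Object { $_ -and (Test-Path $_) }
$files = Get-ChildItem -Path $roots -Filter 'mediaplayer.exe' -Recurse -File -ErrorAction SilentlyContinue
foreach ($f in $files) {
    $hash = (Get-FileHash -Algorithm SHA256 -Path $f.FullName).Hash
    $findings += [pscustomobject]@{
        Indicator = 'File'
        Name      = $f.FullName
        Detail    = "Size=$($f.Length) SHA256=$hash"
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No SlothfulMedia host indicators found.'
} else {
    # Review each hit: check the service's binary path and compare file hashes with the report's IOCs.
    $findings | Format-Table -AutoSize
}
```

Run it in an elevated PowerShell session so that service binary paths and process executable paths are readable; for fleet-wide hunting the same checks translate directly into an EDR query on service creation events and image names.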
Recommendations from the two agencies include keeping antivirus signatures and engines up to date, disabling file and printer sharing services (or, where they are required, protecting them with strong passwords or Active Directory authentication), enforcing a strong password policy, and more.
The agencies have not attributed the malware to a specific threat actor, but publishing its signatures and indicators of compromise will help security products and defenders detect SlothfulMedia more easily.