
CISA and DoD Warn of Sophisticated Threat Actor Wielding New SlothfulMedia Malware

Silviu STAHIE

October 06, 2020


The US Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Defense (DOD) Cyber National Mission Force (CNMF) have revealed that new malware dubbed SlothfulMedia is currently being used by a sophisticated threat actor.

The two agencies published details on the new malware, which attackers have already used in many countries, including India, Kazakhstan, Kyrgyzstan, Malaysia, Russia and Ukraine. A sample of the dropper was uploaded to VirusTotal.

“The sample is a dropper, which deploys two files when executed,” reads the announcement. “The first is a remote access tool (RAT) named ‘mediaplayer.exe’, which is designed for command and control (C2) of victim computer systems. Analysis has determined the RAT has the ability to terminate processes, run arbitrary commands, take screenshots, modify the registry, and modify files on victim machines. It appears to communicate with its C2 controller via Hypertext Transfer Protocol (HTTP) over Transmission Control Protocol (TCP).”

The second package is harmless in itself: it is only designed to delete the dropper once the RAT has gained persistence and can survive a reboot. If the infection succeeds, a new service named ‘Task Frame’ is created, allowing the RAT to load after reboot.

According to the description, this malware targets Windows devices, and the dropper is a 32-bit executable. The name ‘mediaplayer.exe’ is only there to fool a superficial inspection.
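A defender-side check built only from the two indicators named above (the ‘Task Frame’ service and the ‘mediaplayer.exe’ file name), added here as an example; it is not code from the CISA/DoD report or from the original article. It assumes service-install records have been exported with the field names of Windows System event 7045 (ServiceName, ImagePath); the host names and paths in the sample are constructed.

```python
import ntpath

# Indicators taken from the article text only.
SERVICE_NAME = "task frame"
RAT_IMAGE = "mediaplayer.exe"


def image_name(image_path):
    """Return the lower-cased executable name from a service ImagePath,
    which may be quoted and may carry command-line arguments."""
    path = image_path.strip()
    if path.startswith('"'):
        exe = path[1:].split('"', 1)[0]
    else:
        # Unquoted: cut at the first ".exe" so directories with spaces resolve.
        end = path.lower().find(".exe")
        exe = path[: end + 4] if end != -1 else path.split(" ", 1)[0]
    return ntpath.basename(exe).lower()


def triage(event):
    """Return which article indicators one service-install record matches."""
    hits = []
    # Collapse whitespace and case so " task   frame " still matches.
    if " ".join(event.get("ServiceName", "").split()).lower() == SERVICE_NAME:
        hits.append("service-name")
    if image_name(event.get("ImagePath", "")) == RAT_IMAGE:
        hits.append("image-name")
    return hits


def hunt(events):
    """Return (computer, matched indicators) for every record with a hit."""
    return [(e["Computer"], triage(e)) for e in events if triage(e)]


# Constructed sample records (hosts, services and paths are made up).
SAMPLE_EVENTS = [
    {"Computer": "WS-01", "ServiceName": "Task Frame",
     "ImagePath": r'"C:\ExampleDir\mediaplayer.exe"'},
    {"Computer": "WS-02", "ServiceName": "Example Helper",
     "ImagePath": r"C:\Example Tools\helper.exe -run"},
    {"Computer": "WS-03", "ServiceName": "  task   frame ",
     "ImagePath": r"C:\Example Dir\updater.exe /svc"},
    {"Computer": "WS-04", "ServiceName": "Media Sync",
     "ImagePath": r"C:\Example Dir\MediaPlayer.EXE -k"},
]

if __name__ == "__main__":
    for computer, hits in hunt(SAMPLE_EVENTS):
        print(computer, ", ".join(hits))
```

A name match is only a lead for triage; confirm it against the signatures the agencies published before treating a host as infected.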

Recommendations from the agencies include keeping antivirus signatures and engines up to date, disabling file and printer sharing services, enforcing a strong password policy, and more.

The agencies have yet to name the threat actors behind the new malware, but revealing the malware’s signatures and details will help security solutions intercept SlothfulMedia more easily.
