Rise Of ‘Malware Meal Kits’: Unveiling Counterfeit Pre-Packaged Malware


The cybercrime world is witnessing the addition of Malware Meal Kits to its arsenal. These kits allow low-level threat actors to build sophisticated exploits, with all the capability they need, without breaking the bank.

According to HP’s quarterly Wolf Security Threat Insights Report, this pre-packaged malware, aptly dubbed ‘malware meal kits’, is enabling low-level attackers to sidestep detection and compromise unsuspecting users.

The Malware Meal Kits Phenomenon

Source: HP

Senior Malware Analyst at HP, Alex Holland, emphasizes how threat actors today can effortlessly acquire these user-friendly malware meal kits and infect systems with a single click.

Instead of developing their own tools, low-level cybercriminals can now buy pre-packaged malware that employs stealthy in-memory tactics. These are harder to detect because security tools often carve out exclusions for legitimate administrative activity, such as automation scripts, and the malware hides inside those exclusions.

HP’s research also brought to light a cunning tactic employed by attackers: hosting counterfeit malware-building kits, or fake malware Meal Kits, on platforms like GitHub. These repositories deceive beginner threat actors who are venturing into exploit creation.

“Our investigation found numerous code repositories on GitHub, the source code hosting platform, claiming to contain the full XWorm kit. But these projects are in fact booby-trapped with malware”, reads HP Wolf Security Threat Insights Report Q3 2023.

These fake malware Meal Kits deceive their would-be buyers, who end up unwittingly infecting their own machines. The genuine XWorm kit is touted on underground markets for as much as USD 500, which drives resource-strapped cybercriminals to seek out cheaper, counterfeit versions.

The report highlights a surge in Remote Access Trojan (RAT) activity. One instance in July was an increase in Microsoft Office files carrying Remcos, a RAT that first appeared in 2016. Many of these malicious files originate from fraudulent websites set up by the threat actors.

Another rising RAT-based campaign is Houdini, which conceals the Vjw0rm JavaScript malware. This 10-year-old VBScript-based RAT is now easily accessible and abuses the scripting features built into the operating system.

Adapting to the Changing Landscape

While Microsoft’s plans to deprecate VBScript may signal a reprieve from threats like Houdini and Parallax, Holland predicts that attackers will pivot to alternative formats that remain supported on Windows, such as PowerShell and Bash.

Furthermore, attackers are expected to apply popular obfuscation techniques in these scripting languages to evade endpoint security.

To mitigate the risk posed by these pre-packaged malware meal kits, businesses are advised to isolate high-risk activities such as opening email attachments, clicking on links, and downloading files. Doing so significantly reduces the attack surface and bolsters their defenses.

The emergence of ‘malware meal kits’ represents a concerning trend in cybercrime, enabling low-level attackers to carry out sophisticated attacks with minimal effort. Cybersecurity experts therefore advise staying on top of the latest updates and remaining alert to sophisticated phishing techniques.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
