Pages

Researchers Discover Dangerous Malware That Can’t Be Detected By 50+ Antivirus Products

There is a new alarm being signaled by researchers in the digital market regarding malware. And it’s interesting to note how it carries the ability to cross more than 50 anti-virus products without being detected.

This new warning was recently generated thanks to cybersecurity experts hailing from Unit 42. Here is where one intelligence team hailing from the firm Pala Alto first spoke about the strain last May. During that time, the malware was believed to be making use of a tool called Brute Ratel.

On the other hand, there were also some reports about how engineers working at BRC4 managed to use reverse engineering technology to prevent its tool from being detected.

Now, it is being revealed how the virus is definitely not an easy one to detect, taking into consideration its massive speed and design quality which was assessed from vulnerable victims’ endpoints.

And now, there are great speculations by research analysts that such malware doesn’t arise singlehandedly. Instead, they only come through state-sponsored actors that come up with such dangerous campaigns.

If you think the tool alone was capable of mega destruction, well, a number of researchers had a keen interest to see what was its actual path of causing destruction. And that’s when they found plenty of hints leading to sponsored actors playing an imminent role.

As of recently, security experts claim the malware arises in the form of fake CV documentation that comprises ISO files. Once this particular file gets mounted across virtual drives, the end result comes in the form of an actual document of Microsoft Word.

The latest updates we have stated how so many researchers are still unsure about what the real origin of such activity actually is and which threat actor can be blamed for BRC4. Meanwhile, some speculations have arisen about how the threat actors could be based in Russia, while other reports do go as far as pinpointing APT29 as the actual culprit.

The Russian threat actor has been dubbed Cozy Bear and there is enough evidence from the past that shows how it’s been making use of weaponizing ISOs previously too.

Another recently discovered hint that potentially proves links to potential state-sponsored actors is related to the great speed at that we see BRC4 getting leverage. Interestingly, its ISO was made on the same day as the BRC4’s latest design got published.

This is probably a good reason why so many security analysts are going one step further so they can try and detect this malware while asking others to take measures that provide ample security against this tool.


Read next: Study Shows Traditional Protection Tools Have 60% Failure Rate Against Ransomware

No comments: