• Criminals are using a virtual hard disk image file to host and di

    From TechnologyDaily@1337:1/100 to All on Thu Mar 20 11:30:08 2025
    Criminals are using a virtual hard disk image file to host and distribute dangerous malware

    Date:
    Thu, 20 Mar 2025 11:14:37 +0000

    Description:
    Virtual disk files allow cybercriminals to bypass security protections.

    FULL STORY
    ======================================================================
    Forcepoint observes new phishing campaign distributing virtual hard disk files
    The files bypass security protections to deploy the VenomRAT
    Victims end up losing sensitive data, so be on your guard

    Criminals are now using virtual hard disk image files to host and distribute dangerous malware, researchers from Forcepoint are saying.

    In an in-depth analysis, Forcepoint said it observed a phishing campaign themed as a purchase order. The email's attachment is an archive which, when extracted, contains a hard disk image file (.VHD).

    When the victim opens the file, it mounts itself as a hard drive and runs a batch script that uses a series of obfuscations, including garbage characters, Base64 and AES encryption. The .BAT file drops the Venom Remote Access Trojan (RAT) and spawns a PowerShell script that uses the Pastebin service to host C2 and exfiltrate stolen data.

    Working around security solutions

    Forcepoint's Prashant Kumar said the threat actors opted for a VHD file to work around any email security or endpoint protection solutions the target may have installed on their device.

    "Threat actors always like to find new ways to deliver malware undetected to target large communities," Kumar said. "I'll cover a current technique threat actors use to bypass security measures, deliver malware, infect systems and exfiltrate data, all by using a virtual hard disk image file to host and distribute the VenomRAT malware."
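
A defensive check for the delivery method described above, as an added example that is not from the article or from Forcepoint's analysis: it inspects a ZIP attachment and flags members that are VHD/VHDX images, by file signature as well as by extension, so a renamed image is still caught. The article does not name the archive format, so ZIP is an assumption; the function names and the sample archive are constructed for illustration.

```python
import io
import zipfile

VHD_COOKIE = b"conectix"      # first 8 bytes of the 512-byte VHD footer
VHDX_SIGNATURE = b"vhdxfile"  # first 8 bytes of a VHDX file
DISK_IMAGE_EXTS = (".vhd", ".vhdx")

def looks_like_disk_image(name, data):
    """Return the reason a member looks like a VHD/VHDX image, or None."""
    if data[:8] == VHDX_SIGNATURE:
        return "VHDX signature"
    # Fixed VHDs carry the footer only in the last 512 bytes; dynamic and
    # differencing VHDs also keep a copy of it at offset 0.
    if data[:8] == VHD_COOKIE or data[-512:-504] == VHD_COOKIE:
        return "VHD footer cookie"
    if name.lower().endswith(DISK_IMAGE_EXTS):
        return "disk image extension"
    return None

def scan_zip_attachment(blob, max_member_bytes=64 * 1024 * 1024):
    """List (member name, reason) for every disk image found in a ZIP blob."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Oversized members are not unpacked; they are judged by name only.
            data = zf.read(info) if info.file_size <= max_member_bytes else b""
            reason = looks_like_disk_image(info.filename, data)
            if reason:
                findings.append((info.filename, reason))
    return findings

def build_constructed_sample():
    """Constructed test archive: two fake images and one benign file."""
    footer = VHD_COOKIE + bytes(504)  # cookie only, rest of the footer zeroed
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("purchase_order.vhd", bytes(4096) + footer)  # footer at end
        zf.writestr("order_copy.dat", footer + bytes(4096))      # renamed, copy at 0
        zf.writestr("readme.txt", b"see attached order")
    return buf.getvalue()

if __name__ == "__main__":
    print(scan_zip_attachment(build_constructed_sample()))
```

A mail gateway or triage script could quarantine any message for which the findings list is non-empty, since disk images are rarely a legitimate purchase-order attachment.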

    VenomRAT is a type of Trojan that allows cybercriminals to take full control of an infected system. Once installed, it enables attackers to execute commands remotely, steal sensitive information, and manipulate the victim's computer without their knowledge. It is commonly used for keylogging and extracting saved credentials from web browsers and applications.

    This malware is also capable of capturing screenshots and activating webcams, employs various persistence mechanisms, and can deploy additional malware. Because of its powerful capabilities, VenomRAT is often distributed through phishing emails, malicious downloads, and exploit kits that target system vulnerabilities.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/criminals-are-using-a-virtual-hard-disk-image-file-to-host-and-distribute-dangerous-malware


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)