Malware campaign attempts abuse of defender binaries

6 May 2024

We are investigating a ransomware campaign that abuses legitimate Sophos executables and DLLs by modifying their original content, overwriting the entry-point code, and inserting the decrypted payload as a resource – in other words, impersonating legitimate files to attempt to sneak onto systems. A preliminary check indicates that all the affected Sophos files were part of the 2022.4.3 version of our Windows Endpoint product.

Source: SC Magazine

Date:

6 May 2024

Categorie(s):

NEWS

Tag(s):

IT, Malware, News, Ransomware

Week in review: New Black Basta’s social engineering campaign, passing the CISSP exam in 6 weeks19 May 2024
Grandoreiro Banking Trojan Resurfaces, Targeting Over 1,500 Banks Worldwide19 May 2024
Enhanced Security for Enterprises: Google Launches Google Threat Intelligence19 May 2024
Hackers Exploiting Docusign With Phishing Attack To Steal Credentials19 May 2024
Why a ‘Frozen’ Distribution Linux Kernel Isn’t the Safest Choice for Security19 May 2024