New AsyncRAT & 3LOSH Crypter Malware Campaigns

Source: Cisco Talos

Cisco Talos's latest research tracking malware distribution campaigns has identified the use of the 3LOSH crypter to obfuscate the deployment of commodity malware, including AsyncRAT and LimeRAT. An ISO disk image initiates the infection chain with a VBScript that launches PowerShell to create and execute a series of scripts. Persistence is achieved through a scheduled task created by the PowerShell script. Once the series of bat and ps1 scripts has completed, the remote access trojan payload is injected and executed. Cisco Talos has observed these 3LOSH crypter campaigns for several months, and activity appears to be increasing as attackers turn to the 3LOSH crypter to evade detection in corporate environments.
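The chain described above can be hunted as process lineage. The following is an added example, not code from the Talos research: it correlates process-creation events to find a script host that spawned PowerShell whose subtree both creates a scheduled task and runs a bat or ps1 stage. The event field names (`pid`, `ppid`, `image`, `cmdline`), the assumption that the VBScript runs under `wscript.exe` or `cscript.exe` and that the task is created with `schtasks.exe` or `Register-ScheduledTask`, and every sample value are constructed for illustration.

```python
import re
from collections import defaultdict

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}   # Windows hosts that run VBScript
POWERSHELL = {"powershell.exe", "pwsh.exe"}
# Stage markers for the chain described above; the command-line patterns are assumptions.
STAGES = {
    "scheduled_task": re.compile(r"\bschtasks(\.exe)?\b.*/create|Register-ScheduledTask", re.I),
    "bat_script": re.compile(r"\.bat\b", re.I),
    "ps1_script": re.compile(r"\.ps1\b", re.I),
}

def image_name(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def find_chains(events):
    """Flag script host -> PowerShell lineages whose PowerShell subtree shows
    scheduled-task creation together with a .bat or .ps1 stage."""
    children = defaultdict(list)
    for e in events:
        children[e["ppid"]].append(e)
    def descendants(pid):
        out, stack, seen = [], [pid], {pid}   # 'seen' guards against pid loops in bad data
        while stack:
            for child in children.get(stack.pop(), []):
                if child["pid"] not in seen:
                    seen.add(child["pid"])
                    out.append(child)
                    stack.append(child["pid"])
        return out
    findings = []
    for host in (e for e in events if image_name(e["image"]) in SCRIPT_HOSTS):
        for ps in children.get(host["pid"], []):
            if image_name(ps["image"]) not in POWERSHELL:
                continue
            tree = [ps] + descendants(ps["pid"])
            hits = {n for n, rx in STAGES.items() for p in tree if rx.search(p["cmdline"])}
            if "scheduled_task" in hits and hits & {"bat_script", "ps1_script"}:
                findings.append({"host_pid": host["pid"], "powershell_pid": ps["pid"], "stages": sorted(hits)})
    return findings

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [  # constructed process-creation events, not data from the Talos report
    {"pid": 200, "ppid": 100, "image": r"C:\Windows\System32\wscript.exe", "cmdline": r'wscript.exe "E:\sample.vbs"'},
    {"pid": 300, "ppid": 200, "image": PS, "cmdline": "powershell.exe -Command <placeholder>"},
    {"pid": 310, "ppid": 300, "image": r"C:\Windows\System32\schtasks.exe", "cmdline": r'schtasks.exe /create /tn ExampleTask /tr "C:\ProgramData\example\stage.bat"'},
    {"pid": 320, "ppid": 300, "image": r"C:\Windows\System32\cmd.exe", "cmdline": r'cmd.exe /c "C:\ProgramData\example\stage.bat"'},
    {"pid": 400, "ppid": 100, "image": PS, "cmdline": r"powershell.exe -File C:\Scripts\backup.ps1"},  # no script-host parent
]
```

Real telemetry reuses process IDs, so events should be scoped per host and time window before they are passed to `find_chains`.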


