New ScrubCrypt Crypter Used in Cryptojacking Attacks Targeting Oracle WebLogic

Cyber Security

Products You May Like

Mar 09, 2023Ravie LakshmananCryptojacking / Threat Detection,

The infamous cryptocurrency miner group called 8220 Gang has been observed using a new crypter called ScrubCrypt to carry out cryptojacking operations.

According to Fortinet FortiGuard Labs, the attack chain commences with successful exploitation of susceptible Oracle WebLogic servers to download a PowerShell script that contains ScrubCrypt.

Crypters are a type of software that can encrypt, obfuscate, and manipulate malware with the goal of evading detection by security programs.

ScrubCrypt, which is advertised for sale by its author, comes with features to bypass Windows Defender protections as well as check for the presence of debugging and virtual machine environments.

“ScrubCrypt is a crypter used to secure applications with a unique BAT packing method,” security researcher Cara Lin said in a technical report. “The encrypted data at the top can be split into four parts using backslash ‘.'”

ScrubCrypt Crypter

The crypter, in the final stage, decodes and loads the miner payload in memory, thereby launching the miner process.

The threat actor has a track record of taking advantage of publicly disclosed vulnerabilities to infiltrate targets, and the latest findings are no different.

WEBINAR

Discover the Hidden Dangers of Third-Party SaaS Apps

Are you aware of the risks associated with third-party app access to your company’s SaaS apps? Join our webinar to learn about the types of permissions being granted and how to minimize risk.

RESERVE YOUR SEAT

The development also comes as Sydig detailed attacks mounted by the 8220 Gang between November 2022 and January 2023 that aim to breach vulnerable Oracle WebLogic and Apache web servers to drop the XMRig miner.

In late January 2023, Fortinet also uncovered cryptojacking attacks that make use of Microsoft Excel documents containing malicious VBA macros that are configured to download an executable to mine Monero (XMR) on infected systems.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Products You May Like

Articles You May Like

SANS Institute Unveils Critical Infrastructure Strategy Guide for 2024: A Call to Action for Securing ICS/OT Environments
iPhone 16 Pro Max Leaked Dummy Unit Offers Glimpse at New Desert Titanium Colourway
Vietnamese Human Rights Group Targeted in Multi-Year Cyberattack by APT32
Realme 13 5G, Realme 13+ 5G With 80W Fast Charging Launched in India: Price, Offers, Specifications
Infinix Hot 50 5G India Launch Date Set for September 5; Design, Key Features Revealed Ahead of Debut

Leave a Reply

Your email address will not be published. Required fields are marked *