Antivirus just can't stop this malware- masquerades as a Microsoft Word CV file
An antiviruses is supposed to be a sure-fire way to shield your device from the threat of malware and hackers who are always devising new ways to hijack it! But what if we say that there is malware that can't even be detected by the most potent antivirus software? That is scary! The latest report by a team of researchers has discovered that such a malware actually exists and it is capable of hiding from more than 50 top antivirus softwares.
This malware is very much capable of spoiling your system was discovered Unit 42 cybersecurity researchers. Unit 42 is a threat intelligence team at Palo Alto Networks. It was first spotted back in May, a TechRadar report suggested. According to the website, BRC4 is "a Customized Command and Control Center for Red Team and Adversary Simulation". The team at BRC4 suggests that it has employed reverse-engineered popular antivirus products to make sure that its tools can escape any detection via antivirus software.
Researchers have suggested that there are likely state-sponsored actors behind this malware campaign. This is because of its design and the speed at which malware has been distributed to the victim's system.
How has this dangerous malware been spreading?
This escape-master malware, Unit 42 observed, starts its life as a curriculum vitae (CV) file named Roshan Bandara. But this resume file carries the malware to deliver it to the potential victim's system. The resume is even being offered as an ISO file, which is a disk image file format. When a user clicks on it, it shows a File Manager window with a single file option named, “Roshan-Bandara_CV_Dialog".
Normally, the file looks like any other Microsoft Word file, but once a user clicks on the file, it opens as CMD.EXE and runs the OneDrive Updater. And here is how this malware escapes all the antivirus services and installs BRC4 on the system.
Who is exactly behind this malware campaign is still unknown, but researchers suspect it to be the Russian-based APT29 group, which have been known to weaponize ISO files in the past too.