Antivirus just can't stop this malware- masquerades as a Microsoft Word CV file

    This malware, masquerading as a Microsoft Word CV file, can bypass more than 50 antivirus softwares!
    By: HT TECH
    | Updated on: Aug 22 2022, 13:40 IST
    Cybercrime
    Online threat actors have used an ISO file to seed this malware on victims' systems. (HT_PRINT)
    Cybercrime
    Online threat actors have used an ISO file to seed this malware on victims' systems. (HT_PRINT)

    An antiviruses is supposed to be a sure-fire way to shield your device from the threat of malware and hackers who are always devising new ways to hijack it! But what if we say that there is malware that can't even be detected by the most potent antivirus software? That is scary! The latest report by a team of researchers has discovered that such a malware actually exists and it is capable of hiding from more than 50 top antivirus softwares.

    This malware is very much capable of spoiling your system was discovered Unit 42 cybersecurity researchers. Unit 42 is a threat intelligence team at Palo Alto Networks. It was first spotted back in May, a TechRadar report suggested. According to the website, BRC4 is "a Customized Command and Control Center for Red Team and Adversary Simulation". The team at BRC4 suggests that it has employed reverse-engineered popular antivirus products to make sure that its tools can escape any detection via antivirus software.

    Researchers have suggested that there are likely state-sponsored actors behind this malware campaign. This is because of its design and the speed at which malware has been distributed to the victim's system.

    How has this dangerous malware been spreading?

    This escape-master malware, Unit 42 observed, starts its life as a curriculum vitae (CV) file named Roshan Bandara. But this resume file carries the malware to deliver it to the potential victim's system. The resume is even being offered as an ISO file, which is a disk image file format. When a user clicks on it, it shows a File Manager window with a single file option named, “Roshan-Bandara_CV_Dialog".

    Normally, the file looks like any other Microsoft Word file, but once a user clicks on the file, it opens as CMD.EXE and runs the OneDrive Updater. And here is how this malware escapes all the antivirus services and installs BRC4 on the system.

    Who is exactly behind this malware campaign is still unknown, but researchers suspect it to be the Russian-based APT29 group, which have been known to weaponize ISO files in the past too.

    Follow HT Tech for the latest tech news and reviews , also keep up with us on Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

    First Published Date: 08 Jul, 17:59 IST
    Tags:
    NEXT ARTICLE BEGINS
    keep up with tech